The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting
Metrics
Affected Vendors & Products
References
History
Fri, 29 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Logo Slider Wordpress
Logo Slider Wordpress logo Slider Wordpress |
|
Weaknesses | CWE-78 | |
CPEs | cpe:2.3:a:logo_slider_wordpress:logo_slider_wordpress:*:*:*:*:*:*:*:* | |
Vendors & Products |
Logo Slider Wordpress
Logo Slider Wordpress logo Slider Wordpress |
|
Metrics |
cvssV3_1
|
Thu, 28 Nov 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting | |
Title | Logo Slider < 4.5.0 - Contributor+ Stored XSS | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-11-28T06:00:12.112Z
Updated: 2024-11-29T15:39:39.900Z
Reserved: 2024-11-05T18:49:09.341Z
Link: CVE-2024-10896
Vulnrichment
Updated: 2024-11-29T15:39:32.370Z
NVD
Status : Awaiting Analysis
Published: 2024-11-28T06:15:08.233
Modified: 2024-11-29T16:15:08.880
Link: CVE-2024-10896
Redhat
No data.