The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-07-11T06:00:04.304Z
Updated: 2024-08-01T21:25:03.207Z
Reserved: 2024-06-14T21:14:44.679Z
Link: CVE-2024-6026
Vulnrichment
Updated: 2024-07-11T14:07:46.387Z
NVD
Status : Analyzed
Published: 2024-07-11T06:15:02.987
Modified: 2024-07-12T16:55:44.240
Link: CVE-2024-6026
Redhat
No data.