The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-07-11T06:00:04.304Z

Updated: 2024-08-01T21:25:03.207Z

Reserved: 2024-06-14T21:14:44.679Z

Link: CVE-2024-6026

cve-icon Vulnrichment

Updated: 2024-07-11T14:07:46.387Z

cve-icon NVD

Status : Analyzed

Published: 2024-07-11T06:15:02.987

Modified: 2024-07-12T16:55:44.240

Link: CVE-2024-6026

cve-icon Redhat

No data.