The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Metrics
Affected Vendors & Products
References
History
Mon, 07 Oct 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-79 |
Tue, 01 Oct 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
10web
10web slider |
|
CPEs | cpe:2.3:a:10web:slider:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
10web
10web slider |
|
Metrics |
cvssV3_1
|
Mon, 30 Sep 2024 06:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | |
Title | Slider by 10Web < 1.2.59 - Admin+ Stored XSS | |
References |
|
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-09-30T06:00:06.824Z
Updated: 2024-10-01T14:08:52.155Z
Reserved: 2024-08-28T19:00:51.476Z
Link: CVE-2024-8283
Vulnrichment
Updated: 2024-10-01T14:08:46.127Z
NVD
Status : Analyzed
Published: 2024-09-30T06:15:14.603
Modified: 2024-10-07T15:49:22.043
Link: CVE-2024-8283
Redhat
No data.