Description
Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
Published: 2026-06-25
Score: 7.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Unauthenticated Cross Site Scripting is revealed in the Master Slider plugin for WordPress in versions 3.11.2 and earlier. The flaw allows malicious input to be rendered as executable script code in a user’s web browser, leading to potential data theft, session hijacking, or defacement. The weakness falls under input validation and output encoding failures, as identified by CWE-79.

Affected Systems

The vulnerability affects WordPress installations that have the Master Slider plugin, Averta vendor, version 3.11.2 or earlier. No other products or versions are mentioned as affected.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity. Externally, the EPSS score is not available, and the flaw is not listed in the CISA KEV catalog. Based on the description, the vulnerability is exploitable without authentication and is inferred to be reachable through publicly accessible pages that render the plugin’s output.

Generated by OpenCVE AI on June 25, 2026 at 16:01 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Master Slider to a version newer than 3.11.2
  • If upgrading is not immediately possible, temporarily disable or remove the Master Slider plugin from the site
  • Configure the server to enforce strict output encoding and input sanitization for all data processed by the plugin

Generated by OpenCVE AI on June 25, 2026 at 16:01 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Averta
Averta master Slider
Wordpress
Wordpress wordpress
Vendors & Products Averta
Averta master Slider
Wordpress
Wordpress wordpress

Thu, 25 Jun 2026 14:00:00 +0000

Type Values Removed Values Added
Description Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.
Title WordPress Master Slider plugin <= 3.11.2 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Averta Master Slider
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-25T23:21:47.151Z

Reserved: 2026-06-18T09:31:56.471Z

Link: CVE-2026-56014

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T23:00:13Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')