cvelist | WPScan | CVELIST:CVE-2024-6026
History: Jul 11, 2024 - 6:00 a.m.

CVE-2024-6026 Slider by 10Web < 1.2.56 - Editor+ Stored XSS

2024-07-11 06:00:04
WPScan
www.cve.org
8
cve-2024-6026
wordpress
stored xss
10web slider

EPSS

0

Percentile

14.3%

The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, although this can be changed via the plugin's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Slider by 10Web ",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "1.2.56"
      }
    ],
    "defaultStatus": "unaffected"
  }
]
