Cross site scripting

2022-07-0413:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

24.8%

JSON

The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed

CPENameOperatorVersion
wp_contact_sliderlt2.4.7

CPE	Name	Operator	Version
	wp_contact_slider	lt	2.4.7

References

wpscan.com/vulnerability/69b75983-1010-453e-bf67-27b4a2a327a8

0.001 Low

EPSS

Percentile

24.8%

JSON

Related for PRION:CVE-2022-1301