4 matches found
CVE-2022-4664
The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4664
The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2022-4664
The CVE-2022-4664 entry concerns the WordPress plugin Logo Slider (before 3.6.0). The vulnerability arises because the plugin does not validate and escape certain shortcode attributes before outputting them in a page/post, enabling Stored Cross-Site Scripting for users with the contributor role o...
WordPress Logo Slider Plugin < 3.6.0 is vulnerable to Cross Site Scripting (XSS)
Software Logo Slider Type Plugin Vulnerable versions 3.6.0 Fixed in 3.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4664 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID e6f86b351cc2 Credits Lana Codes Required...