23 matches found
CVE-2022-1301
The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...
CVE-2022-3237
The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress WP Contact Slider Plugin <= 2.4.8 is vulnerable to Cross Site Scripting (XSS)
Software: WP Contact Slider; Type: Plugin; Vulnerable versions: <= 2.4.8; Fixed in: 2.4.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 7425e4a52284; Credits: Rafie Muhammad Patchstack...
CVE-2022-3237
The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-3237
The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-3237
CVE-2022-3237 affects the WP Contact Slider WordPress plugin prior to version 2.4.8. Root cause: the plugin does not sanitize and escape its settings, allowing a high-privilege user (e.g., admin) to perform cross-site scripting even when unfiltered_html is disallowed. Impact: stored XSS that can ...
CVE-2022-3237 WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting
The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress plugin WP Contact Slider cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2022-21268 · WordPress · Wp Contact Slider
Name of the Vulnerable Software and Affected Versions: WP Contact Slider WordPress plugin versions prior to 2.4.8 Description: The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks. This is possible because the plugin does not properly sanitize and escape...
WordPress WP Contact Slider plugin <= 2.4.7 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Asif Nawaz Minhas in WordPress WP Contact Slider plugin versions <= 2.4.7. Solution: Update the WordPress WP Contact Slider plugin to the latest available version (at least 2.4.8)...
WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Create/edit a Contact slider and put the payload below in the "Text to display" option:...
WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: Create/edit a Contact slider and put the payload below in the "Text to display" option:...
WordPress WP Contact Slider plugin cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-1301
The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...
CVE-2022-1301
The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...
Cross site scripting
The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed...
CVE-2022-1301
The CVE-2022-1301 entry concerns the WordPress plugin WP Contact Slider. Affected versions before 2.4.7 do not sanitize/escape the slider’s Text to Display setting, enabling stored XSS for high-privilege users (e.g., editors and above) even when unfiltered_html is disallowed. Root cause: insuffi...
WordPress plugin WP Contact Slider cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
WordPress WP Contact Slider plugin <= 2.4.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Fayçal CHENA in WordPress WP Contact Slider plugin versions <= 2.4.6. Solution: Update the WordPress WP Contact Slider plugin to the latest available version (at least 2.4.7)...
WP Contact Slider < 2.4.7 - Editor+ Stored Cross-Site Scripting
The plugin does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. PoC: Create/edit a Slider, select the "text or HTML" for the "What...