2 matches found
WordPress Slider Revolution plugin <= 6.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via Elementor wrapperid and zindex vulnerability discovered by stealthcopter in WordPress Plugin Slider Revolution versions = 6.7.10...
Slider Revolution < 6.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via Elementor wrapperid and zindex
Description The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping on the user supplied Elementor 'wrapperid' and 'zindex' display attributes. This makes it...