WordPress Webico Slider Flatsome Addons plugin <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wbc_image Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via wbcimage Shortcode vulnerability discovered by Francesco Carlucci in WordPress Plugin Webico Slider Flatsome Addons versions = 2.0.1...

CVE-2024-5881

The Webico Slider Flatsome Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wbcimage shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-5881

CVE-2024-5881 affects the Webico Slider Flatsome Addons plugin for WordPress. It enables a Stored Cross-Site Scripting (XSS) flaw in the plugin’s wbc_image shortcode due to insufficient input sanitization and output escaping. The vulnerability impacts all versions up to and including 2.0.1 . Expl...

CVE-2024-5881 Webico Slider Flatsome Addons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wbc_image Shortcode

The Webico Slider Flatsome Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wbcimage shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-5881 Webico Slider Flatsome Addons <= 2.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via wbc_image Shortcode

The Webico Slider Flatsome Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wbcimage shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2024-37218 · WordPress · Webico Slider Flatsome Addons

Name of the Vulnerable Software and Affected Versions: Webico Slider Flatsome Addons plugin for WordPress versions up to, and including, 2.0.1 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wbc image shortcode due to insufficient input sanitization and output...

WordPress Webico Slider Flatsome Addons Plugin <= 2.0.1 is vulnerable to Cross Site Scripting (XSS)

Software Webico Slider Flatsome Addons Type Plugin Vulnerable versions = 2.0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5881 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ccded45458b8 Credits Francesco...