5 matches found
CVE-2024-10149
The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Social Slider Feed plugin < 2.2.9 - Admin+ Stored XSS via Widgets vulnerability
Admin+ Stored XSS via Widgets vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Social Slider Feed versions 2.2.9...
CVE-2024-10149
The CVE-2024-10149 entry concerns the WordPress Social Slider Feed plugin prior to version 2.2.9. The root cause is that certain settings are not properly sanitized or escaped, enabling Stored XSS by high‑privilege users (e.g., administrators) even when unfiltered_html is disallowed (such as in m...
CVE-2024-10149 Social Slider Feed < 2.2.9 - Admin+ Stored XSS via Widgets
The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-10149 Social Slider Feed < 2.2.9 - Admin+ Stored XSS via Widgets
The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...