3 matches found
CVE-2024-2306
The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that...
CVE-2024-2306
CVE-2024-2306 involves the WordPress plugin Slider Revolution (Revslider). The Red Hat and Wordfence-referenced records describe a Stored Cross-Site Scripting (XSS) vulnerability triggered by uploading an SVG file, due to insufficient input sanitization and output escaping. This affects all versi...
WordPress Slider Revolution Plugin <= 6.6.20 is vulnerable to Cross Site Scripting (XSS)
Software Slider Revolution Type Plugin Vulnerable versions = 6.6.20 Fixed in 6.7.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2306 Patch priority Low CVSS severity Low 5.9 Developer ThemePunch PSID 25a221b7c033 Credits wesley wcraft Nikolas - md...