2 matches found
CVE-2024-4375 Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mslayer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'cssid' user supplied attribute. This...
CVE-2024-4375
CVE-2024-4375 affects Master Slider – Responsive Touch Slider for WordPress. A stored XSS vulnerability exists via the plugin’s ms_layer shortcode in all versions up to 3.9.10, caused by insufficient input sanitization and lack of proper output escaping on the css_id attribute. This allows authen...