3 matches found
CVE-2024-4470
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msslideinfo' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'tagname' attribute. This...
CVE-2024-4470
CVE-2024-4470 affects Master Slider – Responsive Touch Slider for WordPress. All versions ≤ 3.9.9 are vulnerable to Stored XSS via the ms_slide_info shortcode’s tag_name attribute due to insufficient input sanitization/output escaping. An authenticated attacker with contributor+ privileges can in...
WordPress Master Slider Plugin <= 3.9.9 is vulnerable to Cross Site Scripting (XSS)
Software Master Slider Type Plugin Vulnerable versions = 3.9.9 Fixed in 3.9.10 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4470 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 10c97d7cedf9 Credits wesley wcraft Required...