WordPress Master Slider - Responsive Touch Slider plugin <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode vulnerability

WordPress Master Slider - Responsive Touch Slider plugin = 3.10.6 - Authenticated Contributor+ Stored Cross-Site Scripting via mslayer Shortcode vulnerability discovered by Krzysztof Zając - CERT PL in WordPress Plugin Master Slider versions = 3.10.6...

CVE-2024-13757

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mslayer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-4375

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mslayer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'cssid' user supplied attribute. This...

PT-2024-30637 · WordPress · The Master Slider

Name of the Vulnerable Software and Affected Versions: The Master Slider – Responsive Touch Slider plugin for WordPress versions up to, and including, 3.9.10 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'ms layer' shortcode due to insufficient input sanitizati...