Lucene search
+L

8 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:56 p.m.15 views

CVE-2022-3237

The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS6.2AI score0.00532EPSS
Exploits2References1
OSV
OSV
added 2022/10/31 4:15 p.m.16 views

CVE-2022-3237

The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00532EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2022/10/31 12:0 a.m.6 views

CVE-2022-3237 WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting

The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8AI score0.00532EPSS
Exploits2References1
CVE
CVE
added 2022/10/31 12:0 a.m.55 views

CVE-2022-3237

CVE-2022-3237 affects the WP Contact Slider WordPress plugin prior to version 2.4.8. Root cause: the plugin does not sanitize and escape its settings, allowing a high-privilege user (e.g., admin) to perform cross-site scripting even when unfiltered_html is disallowed. Impact: stored XSS that can ...

4.8CVSS4.8AI score0.00532EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/10/31 12:0 a.m.10 views

PT-2022-21268 · WordPress · Wp Contact Slider

Name of the Vulnerable Software and Affected Versions: WP Contact Slider WordPress plugin versions prior to 2.4.8 Description: The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks. This is possible because the plugin does not properly sanitize and escape...

4.8CVSS4.7AI score0.00532EPSS
Exploits2References5
NVD
NVD
added 2022/07/04 1:15 p.m.25 views

CVE-2022-1301

The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

4.8CVSS0.00552EPSS
Exploits2References1
CVE
CVE
added 2022/07/04 1:5 p.m.69 views

CVE-2022-1301

The CVE-2022-1301 entry concerns the WordPress plugin WP Contact Slider . Affected versions before 2.4.7 do not sanitize/escape the slider’s Text to Display setting, enabling stored XSS for high-privilege users (e.g., editors and above) even when unfiltered_html is disallowed. Root cause: insuffi...

4.8CVSS4.7AI score0.00552EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2022/06/13 12:0 a.m.146 views

WP Contact Slider < 2.4.7 - Editor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Create/edit a Slider, select the "text or HTML" for the " What would...

4.8CVSS4.7AI score0.00552EPSS
Exploits2
Rows per page
Query Builder