8 matches found
CVE-2022-3237
The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-3237
The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-3237 WP Contact Slider < 2.4.8 - Admin+ Stored Cross-Site Scripting
The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2022-3237
CVE-2022-3237 affects the WP Contact Slider WordPress plugin prior to version 2.4.8. Root cause: the plugin does not sanitize and escape its settings, allowing a high-privilege user (e.g., admin) to perform cross-site scripting even when unfiltered_html is disallowed. Impact: stored XSS that can ...
PT-2022-21268 · WordPress · Wp Contact Slider
Name of the Vulnerable Software and Affected Versions: WP Contact Slider WordPress plugin versions prior to 2.4.8 Description: The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks. This is possible because the plugin does not properly sanitize and escape...
CVE-2022-1301
The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...
CVE-2022-1301
The CVE-2022-1301 entry concerns the WordPress plugin WP Contact Slider . Affected versions before 2.4.7 do not sanitize/escape the slider’s Text to Display setting, enabling stored XSS for high-privilege users (e.g., editors and above) even when unfiltered_html is disallowed. Root cause: insuffi...
WP Contact Slider < 2.4.7 - Editor+ Stored Cross-Site Scripting
The plugin does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Create/edit a Slider, select the "text or HTML" for the " What would...