3 matches found
CVE-2024-4426
CVE-2024-4426 refers to the WordPress plugin “Comparison Slider” (versions up to and including 1.0.5), where a CSRF vulnerability exists due to missing or incorrect nonce validation on several AJAX actions. This allows unauthenticated attackers to forge requests that can change slider titles, del...
CVE-2024-4422
CVE-2024-4422: The WordPress Comparison Slider plugin is vulnerable to Stored XSS via the slider title parameter in all versions up to and including 1.0.5 due to insufficient input sanitization/out escaping. Exploitation requires subscriber-level or higher authenticated access, and crafted slider...
CVE-2024-4427
CVE-2024-4427 concerns the WordPress plugin Comparison Slider . The vulnerability exists in all versions up to and including 1.0.5 due to a missing capability check on several AJAX actions . This can allow authenticated attackers with subscriber access or higher to modify data, including plugin s...