2 matches found
CVE-2021-24506
The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin (before version 8.2.7) contains a SQL injection vulnerability: the id attribute of the hero-button shortcode is not sanitized/escaped before being used in a SQL statement, enabling users with a role as low as Contribu...
CVE-2022-3074
The CVE-2022-3074 entry is about the Slider Hero WordPress plugin (versions prior to 8.4.4). The vulnerability stems from the plugin not escaping the slider Name, enabling Cross-Site Scripting (XSS) by high-privileged users (admin+). Exploitation is described as a stored XSS condition, with notab...