Lucene search
WPScanVULNRICHMENT:CVE-2024-6026HistoryJul 11, 2024 - 6:00 a.m.
CVE-2024-6026 Slider by 10Web < 1.2.56 - Editor+ Stored XSS
2024-07-1106:00:04
WPScan
github.com
5
cve-2024-6026
10web slider
wordpress plugin
stored xss
cross-site scripting
AI Score
5.8
Confidence
High
EPSS
0
Percentile
14.3%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56’s options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks
CNA Affected
[
{
"vendor": "Unknown",
"product": "Slider by 10Web ",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "1.2.56",
"versionType": "semver"
}
],
"defaultStatus": "unaffected"
}
]ADP Affected
[
{
"cpes": [
"cpe:2.3:a:10web:slider:*:*:*:*:*:wordpress:*:*"
],
"vendor": "10web",
"product": "slider",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "1.2.56",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]Related
cve
cve
CVE-2024-6026
2024-07-11 06:15:02
cvelist
cvelist
CVE-2024-6026 Slider by 10Web < 1.2.56 - Editor+ Stored XSS
2024-07-11 06:00:04
nvd
nvd
CVE-2024-6026
2024-07-11 06:15:02
wordfence
wordfence
AI Score
5.8
Confidence
High
EPSS
0
Percentile
14.3%
SSVC
Exploitation
poc
Automatable
no
Technical Impact
partial
Related for VULNRICHMENT:CVE-2024-6026