Master Slider <= 3.7.0 - Authenticated Stored Cross-Site Scripting (XSS)

2018-11-1400:00:00

wpvulndb

0.001 Low

EPSS

Percentile

24.8%

JSON

The plugin does not properly sanitise the slider name when creating or editing a slider, leading to an Authenticated (editor+) Stored Cross-Site Scripting issue which will be triggered in the Slider table (/wp-admin/admin.php?page=master-slider). Edit (WPScanTeam): - The original report was from 2018, however the issue was never remediated. - Multiple attempts were made to contact the vendor, but no response was received

The PoC will be displayed once the issue has been remediated

References

www.vulnerability-lab.com/get_content.php?id=2158

0.001 Low

EPSS

Percentile

24.8%

JSON

Related for WPEX-ID:1787F8C9-B70A-4EB7-BE61-813A2B585B5E