Lucene search
WpvulndbWPVDB-ID:034594A6-F7DB-4C35-B358-6235A2298F21HistoryApr 10, 2024 - 12:00 a.m.
Carousel Slider < 2.2.7 - Editor+ Stored Cross-Site Scripting
2024-04-1000:00:00
wpscan.com
10
cross-site scripting
input sanitization
output escaping
unauthenticated attackers
web scripts
Description The plugin is vulnerable to Reflected Cross-Site Scripting via the Slides Per View parameter in all versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Related
cvelist
cvelist
CVE-2024-1712 Carousel Slider < 2.2.7 - Editor+ Stored XSS
2024-04-15 05:00:04
cve
cve
CVE-2024-1712
2024-04-15 05:15:14
nvd
nvd
CVE-2024-1712
2024-04-15 05:15:14
vulnrichment
vulnrichment
CVE-2024-1712 Carousel Slider < 2.2.7 - Editor+ Stored XSS
2024-04-15 05:00:04
wpexploit
wpexploit
Carousel Slider < 2.2.7 - Editor+ Stored XSS
2024-03-25 00:00:00
wpvulndb
wpvulndb
Carousel Slider < 2.2.7 - Editor+ Stored XSS
2024-03-25 00:00:00
wordfence
wordfence
AI Score
6.5
Confidence
High
EPSS
0
Percentile
9.0%
Related for WPVDB-ID:034594A6-F7DB-4C35-B358-6235A2298F21