Lucene search

WpvulndbWPVDB-ID:F79B835F-A3A2-40E1-91CC-987604B0A593

HistoryJun 05, 2024 - 12:00 a.m.

Slider Revolution < 6.7.11 - Authenticated (Author+) Stored Cross-Site Scripting

2024-06-0500:00:00

wpscan.com

slider revolution

wordpress

vulnerability

stored cross-site scripting

input sanitization

output escaping

authenticated attackers

author-level access

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Description The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 6.7.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CPENameOperatorVersion
eq6.7.11

CPE	Name	Operator	Version
		eq	6.7.11

References

www.wordfence.com/threat-intel/vulnerabilities/id/64852bc8-aeba-458d-9235-94bd4c4ec429