Vulnerability Details CVE-2023-0660
The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.7%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2023-0660
-
cpe:2.3:a:nextendweb:smart_slider_3:3.0.37
-
cpe:2.3:a:nextendweb:smart_slider_3:3.1.10
-
cpe:2.3:a:nextendweb:smart_slider_3:3.1.6
-
cpe:2.3:a:nextendweb:smart_slider_3:3.2.10
-
cpe:2.3:a:nextendweb:smart_slider_3:3.2.12
-
cpe:2.3:a:nextendweb:smart_slider_3:3.2.13
-
cpe:2.3:a:nextendweb:smart_slider_3:3.2.14
-
cpe:2.3:a:nextendweb:smart_slider_3:3.2.4
-
cpe:2.3:a:nextendweb:smart_slider_3:3.2.5
-
cpe:2.3:a:nextendweb:smart_slider_3:3.2.6
-
cpe:2.3:a:nextendweb:smart_slider_3:3.2.8
-
cpe:2.3:a:nextendweb:smart_slider_3:3.2.9
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.1
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.10
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.11
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.12
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.13
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.15
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.18
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.2
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.20
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.21
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.22
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.23
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.24
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.25
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.26
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.27
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.28
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.3
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.4
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.6
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.7
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.8
-
cpe:2.3:a:nextendweb:smart_slider_3:3.3.9
-
cpe:2.3:a:nextendweb:smart_slider_3:3.4.1.10
-
cpe:2.3:a:nextendweb:smart_slider_3:3.4.1.11
-
cpe:2.3:a:nextendweb:smart_slider_3:3.4.1.12
-
cpe:2.3:a:nextendweb:smart_slider_3:3.4.1.13
-
cpe:2.3:a:nextendweb:smart_slider_3:3.4.1.14
-
cpe:2.3:a:nextendweb:smart_slider_3:3.4.1.15
-
cpe:2.3:a:nextendweb:smart_slider_3:3.4.1.16
-
cpe:2.3:a:nextendweb:smart_slider_3:3.4.1.17
-
cpe:2.3:a:nextendweb:smart_slider_3:3.4.1.6
-
cpe:2.3:a:nextendweb:smart_slider_3:3.4.1.7
-
cpe:2.3:a:nextendweb:smart_slider_3:3.4.1.8
-
cpe:2.3:a:nextendweb:smart_slider_3:3.4.1.9
-
cpe:2.3:a:nextendweb:smart_slider_3:3.5.0.10
-
cpe:2.3:a:nextendweb:smart_slider_3:3.5.0.11
-
cpe:2.3:a:nextendweb:smart_slider_3:3.5.0.8
-
cpe:2.3:a:nextendweb:smart_slider_3:3.5.0.9
-
cpe:2.3:a:nextendweb:smart_slider_3:3.5.1.0
-
cpe:2.3:a:nextendweb:smart_slider_3:3.5.1.1
-
cpe:2.3:a:nextendweb:smart_slider_3:3.5.1.11
-
cpe:2.3:a:nextendweb:smart_slider_3:3.5.1.12
-
cpe:2.3:a:nextendweb:smart_slider_3:3.5.1.13
-
cpe:2.3:a:nextendweb:smart_slider_3:3.5.1.2
-
cpe:2.3:a:nextendweb:smart_slider_3:3.5.1.3
-
cpe:2.3:a:nextendweb:smart_slider_3:3.5.1.4
-
cpe:2.3:a:nextendweb:smart_slider_3:3.5.1.7
-
cpe:2.3:a:nextendweb:smart_slider_3:3.5.1.9