Simonpedge: Security Vulnerabilities
The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfiltered_html capability is disabled.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-01-16
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in simonpedge Slide Anything – Responsive Content / HTML Slider and Carousel plugin <= 2.4.9 versions.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-11-07