Simonpedge: >> Slide Anything >> 2.0 Security Vulnerabilities
The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfiltered_html capability is disabled.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-01-16