CVE-2022-1301

The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
Configurations

Configuration 1 (hide)

cpe:2.3:a:wpexperts:wp_contact_slider:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 06:40

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/69b75983-1010-453e-bf67-27b4a2a327a8 - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/69b75983-1010-453e-bf67-27b4a2a327a8 - Exploit, Third Party Advisory

13 Jul 2022, 15:40

Type Values Removed Values Added
CPE cpe:2.3:a:wpexperts:wp_contact_slider:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : unknown
v2 : 3.5
v3 : 4.8
References (MISC) https://wpscan.com/vulnerability/69b75983-1010-453e-bf67-27b4a2a327a8 - (MISC) https://wpscan.com/vulnerability/69b75983-1010-453e-bf67-27b4a2a327a8 - Exploit, Third Party Advisory

04 Jul 2022, 13:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-07-04 13:15

Updated : 2024-11-21 06:40


NVD link : CVE-2022-1301

Mitre link : CVE-2022-1301

CVE.ORG link : CVE-2022-1301


JSON object : View

Products Affected

wpexperts

  • wp_contact_slider
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')