Unrated severityNVD Advisory· Published Jul 11, 2024· Updated Aug 1, 2024

Slider by 10Web < 1.2.56 - Editor+ Stored XSS

CVE-2024-6026

Description

The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks

Affected products

Unknown/Slider By 10webv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/01609d84-e9eb-46a9-b2cc-fe7e0c982984/mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000