First published: Mon May 23 2022
The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 10web Sliderby10web | <1.2.52 | |
CVE-2022-1320 is a vulnerability in the Sliderby10Web WordPress plugin that allows high-privileged users to perform Cross-Site Scripting attacks.
CVE-2022-1320 allows high-privileged users, such as admin, to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.
CVE-2022-1320 has a severity rating of medium (4.8).
To mitigate the CVE-2022-1320 vulnerability, update the Sliderby10Web plugin to version 1.2.52 or later, which properly sanitizes and escapes the settings.
More information about CVE-2022-1320 can be found at https://wpscan.com/vulnerability/43581d6b-333a-48d9-a1ae-b9479da8ff87