First published: Mon Dec 26 2022(Updated: )
The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Credit: contact@wpscan.com contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
10web Slider | <1.2.53 | |
<1.2.53 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2022-4197.
The severity of CVE-2022-4197 is medium with a severity value of 4.8.
The Sliderby10Web WordPress plugin before 1.2.53 does not sanitize and escape some of its settings.
High privilege users, such as admins, can exploit CVE-2022-4197.
Yes, the Sliderby10Web WordPress plugin can be vulnerable in a multisite setup.