CVE-2024-6026: Slider by 10Web < 1.2.56 - Editor+ Stored XSS
First published: Thu Jul 11 2024(Updated: )
The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 10Web Slider by 10Web | <1.2.56 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2024-6026?
CVE-2024-6026 has been classified as a medium severity vulnerability due to potential unauthorized access by authenticated users.
How do I fix CVE-2024-6026?
To fix CVE-2024-6026, update the Slider by 10Web WordPress plugin to version 1.2.56 or later.
Who is affected by CVE-2024-6026?
Authenticated users with access to the Sliders, typically Administrators, are affected by CVE-2024-6026.
What types of attacks can CVE-2024-6026 enable?
CVE-2024-6026 can allow authenticated users to exploit the lack of sanitization and escape of slide options.
Is CVE-2024-6026 a local or remote vulnerability?
CVE-2024-6026 is considered a local vulnerability as it requires authenticated access to the WordPress site.
- agent/title
- agent/references
- agent/weakness
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- agent/event
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/10web
- canonical/10web slider by 10web