WordPress Plugin Vulnerabilities

Content text slider on post < 6.9 - Authenticated Stored Cross-Site Scripting (XSS)

Description

The plugin does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues

Affects Plugins

Plugin icon
content-text-slider-on-post
Fixed in 6.9

References

CVE
CVE-2015-20019
URL
https://plugins.trac.wordpress.org/changeset/1393044/content-text-slider-on-post
URL
https://seclists.org/bugtraq/2015/Dec/124

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.6 (medium)

Miscellaneous

Original Researcher
ALIREZA_PROMIS
Submitter
Ryan
Verified
Yes
WPVDB ID
4f92b211-e09c-4ed0-bc98-27e0b51b1f86

Timeline

Publicly Published
2015-12-22 (about 8 years ago)
Added
2021-08-12 (about 2 years ago)
Last Updated
2022-04-12 (about 2 years ago)

Other

Published
Title
Published
2023-03-20
Title
Read More Without Refresh < 3.2 - Admin+ Stored Cross-Site Scripting
Published
2023-05-16
Title
Photo Gallery by Ays < 5.1.7 - Reflected XSS
Published
2023-09-19
Title
Table of Contents Plus < 2309 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2022-01-31
Title
Crazy Bone <= 0.6.0 - Unauthenticated Stored XSS
Published
2024-03-25
Title
Exclusive Addons Elementor < 2.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting