WordPress Plugin Vulnerabilities

Parallax Slider Block < 1.2.6 - Author+ Stored XSS

Description

The plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affects Plugins

Plugin icon
parallax-slider-block
Fixed in 1.2.6

References

CVE
CVE-2023-49184
URL
https://patchstack.com/database/vulnerability/parallax-slider-block/wordpress-parallax-slider-block-plugin-1-2-4-cross-site-scripting-xss-vulnerability

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
emad
Verified
No
WPVDB ID
5c1a9955-1f96-4f75-b61e-53979ed85365

Timeline

Publicly Published
2023-11-29 (about 2 years ago)
Added
2023-12-08 (about 2 years ago)
Last Updated
2024-03-12 (about 2 years ago)

Other

Published
Title
Published
2024-07-01
Title
Elementor – Header, Footer & Blocks Template < 1.6.36 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2023-02-15
Title
Easy Panorama < 1.1.5 - Admin+ Stored XSS
Published
2024-03-26
Title
Email Subscribers & Newsletters < 5.7.12 - Reflected Cross-Site Scripting via campaign_id
Published
2021-04-30
Title
Give WP < 2.10.4 - Authenticated Stored Cross-Site Scripting (XSS)
Published
2024-03-15
Title
Calendarista Basic Edition < 3.0.3 - Unauthenticated Cross-Site Scripting