WordPress Plugin Vulnerabilities

SliceWP < 1.0.46 - Reflected Cross-Site Scripting (XSS)

Description

The plugin does not escape the converted parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting issue

Proof of Concept

Affects Plugins

Plugin icon
slicewp
Fixed in 1.0.46

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
9d9b5ca8-72e2-409a-ac6d-543f6f3e7920

Timeline

Publicly Published
2021-08-09 (about 4 years ago)
Added
2021-08-09 (about 4 years ago)
Last Updated
2021-08-09 (about 4 years ago)

Other

Published
Title
Published
2024-04-29
Title
WP Shortcodes Plugin — Shortcodes Ultimate < 7.1.3 - Contributor+ Stored XSS
Published
2025-01-06
Title
Dental Optimizer Patient Generator App <= 1.0 - Reflected XSS
Published
2021-12-03
Title
Survey Maker < 2.0.7 - Unauthenticated Store Cross-Site Scripting
Published
2025-01-24
Title
ElementInvader Addons for Elementor < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2021-04-13
Title
Ultimate Addons for Elementor < 1.30.0 - Contributor+ Stored XSS