BxSlider WP <= 2.0.0 – Contributor+ Stored Cross-Site Scripting | CVE 2022-33943

Affects Plugins

bxslider-wp

No known fix

References

CVE

CVE-2022-33943

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CWE-79

CVSS

6.8 (medium)

Miscellaneous

Original Researcher

Ngo Van Thien

Verified

No

WPVDB ID

b795c676-67ee-4b6e-a96f-dd2815188588

Timeline

Publicly Published

2022-07-27 (about 3 years ago)

Added

2022-07-28 (about 3 years ago)

Last Updated

2023-04-26 (about 3 years ago)

Other

Published

Title

Published

2023-11-15

Title

Better RSS Widget <= 2.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2024-04-05

Title

FooGallery < 2.4.15 - Authenticated (Author+) Stored Cross-Site Scripting

Published

2025-01-30

Title

Kona Gallery Block <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2025-01-06

Title

Beacon Lead Magnets and Lead Capture < 1.5.8 - Reflected Cross-Site Scripting

Published

2022-12-02

Title

Chained Quiz < 1.3.2.3 - Reflected Cross-Site Scripting