WordPress Plugin Vulnerabilities

Layer Slider <= 1.1.9.7 - Contributor+ Stored XSS

Description

The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
slider-slideshow
No known fix

References

CVE
CVE-2023-23798
URL
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/slider-slideshow/layer-slider-1197-authenticated-contributor-stored-cross-site-scripting

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
5.9 (medium)

Miscellaneous

Original Researcher
Rafshanzani Suhada
Verified
No
WPVDB ID
c7951a98-849d-4e0f-b00f-2e4409b47f19

Timeline

Publicly Published
2023-06-28 (about 2 years ago)
Added
2023-08-10 (about 2 years ago)
Last Updated
2023-08-10 (about 2 years ago)

Other

Published
Title
Published
2025-07-22
Title
Fleetwire Fleet Management Plugin < 1.0.20 - Authenticated (Contributor+) Stored Cross-Site Scripting via fleetwire_list Shortcode
Published
2024-11-20
Title
Sticky Social Icons <= 1.2.1 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2022-12-05
Title
Loginizer < 1.7.6 - Reflected XSS
Published
2023-06-05
Title
Catalyst Connect Zoho CRM Client Portal < 2.1.0 - Reflected XSS
Published
2025-08-18
Title
King Addons for Elementor <= 51.1.58 - Contributor+ Stored XSS