WordPress Plugin Vulnerabilities

Image Slider by NextCode <= 1.1.2 - Author+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as author to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
baslider
No known fix

References

CVE
CVE-2022-29438

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
BEE-K
Verified
No
WPVDB ID
c9cc3745-b041-42d7-b15b-19b0211e46ce

Timeline

Publicly Published
2022-05-26 (about 3 years ago)
Added
2022-06-16 (about 3 years ago)
Last Updated
2023-03-19 (about 3 years ago)

Other

Published
Title
Published
2014-09-17
Title
Mobiloud < 2.3.8 - Multiple Cross-Site Scripting (XSS)
Published
2024-12-06
Title
Echoza <= 0.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting
Published
2022-06-27
Title
Simple Page Transition <= 1.4.1 - Admin+ Stored Cross-Site Scripting
Published
2013-07-23
Title
Download Monitor < 3.3.6.2 - Multiple Reflected Cross-Site Scripting
Published
2024-08-07
Title
Card Elements for Elementor < 1.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting