WordPress Plugin Vulnerabilities

Recent Posts Slider <= 1.1 - Unauthenticated Stored XSS

Description

The plugin does not sanitise and escape some parameters, which could allow unauthenticated attackers to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
recent-posts-slider
No known fix

References

CVE
CVE-2023-35043

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.8 (high)

Miscellaneous

Original Researcher
LEE SE HYOUNG
Verified
No
WPVDB ID
fb436d67-b7ba-4819-9a19-1299988cb82b

Timeline

Publicly Published
2023-06-13 (about 2 years ago)
Added
2023-08-07 (about 2 years ago)
Last Updated
2023-08-07 (about 2 years ago)

Other

Published
Title
Published
2022-11-09
Title
Simple Video Embedder <= 2.2 - Contributor+ Stored Cross-Site Scripting
Published
2023-10-13
Title
LeadSquared Suite <= 0.7.4 - Admin+ Stored XSS
Published
2022-06-22
Title
LearnPress < 4.1.6.7 - Reflected Cross-Site Scripting
Published
2021-10-18
Title
IMPress for IDX Broker < 3.0.6 - Reflected Cross-Site Scripting
Published
2024-11-08
Title
Anant Addons for Elementor < 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting