Welcome to WordPress Community Forum. Please login or sign up.

Nov 25, 2024, 06:27 AM

Login with username, password and session length

Shoutbox


Recent

Members
Stats
  • Total Posts: 55
  • Total Topics: 45
  • Online today: 1
  • Online ever: 136 (Apr 17, 2022, 11:37 PM)
Users Online
  • Users: 0
  • Guests: 3
  • Total: 3
3 Guests, 0 Users

WordPress WP Contact Slider plugin <= 2.4.6 - Cross-Site Scripting Vulnerability

Started by Kailash, Jun 15, 2022, 10:21 AM

Previous topic - Next topic

WordPress Premium Themes


Kailash

WordPress WP Contact Slider plugin <= 2.4.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Plugin name: WP Contact Slider
Vulnerable versions: <= 2.4.6
Fixed in: 2.4.7
CVE ID: CVE-2022-1301
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-13

Vulnerability Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Fayçal CHENA in WordPress WP Contact Slider plugin (versions <= 2.4.6).

Solution

Update the WordPress WP Contact Slider plugin to the latest available version (at least 2.4.7).

Plugin Link: https://wordpress.org/plugins/wp-contact-slider/

WordPress Premium Themes