CVE-2024-6408

CWE-79Cross-site Scripting (XSS)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.4%
top 39.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Unknown Slider BY 10web10web Slider
Timeline
PublishedJul 31

Description

The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

NVD10web/slider< 1.2.57
CVEListV5unknown/slider_by_10web< 1.2.57

🔴Vulnerability Details

2
GHSA
GHSA-rh6j-hw6c-hv3x: The Slider by 10Web WordPress plugin before 12024-07-31
CVEList
Slider by 10Web < 1.2.57 - Editor+ Stored XSS2024-07-31
CVE-2024-6408 (MEDIUM CVSS 5.4) | The Slider by 10Web WordPress plugi | cvebase.io