CVE-2024-6026
Last modified
CVE-2024-6026 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| 10web | Slider | < 1.2.56 |
References
- https://wpscan.com/vulnerability/01609d84-e9eb-46a9-b2cc-fe7e0c982984/Exploit, Third Party Advisory
- https://wpscan.com/vulnerability/01609d84-e9eb-46a9-b2cc-fe7e0c982984/Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-6026?
How severe is CVE-2024-6026?
How do I fix CVE-2024-6026?
Are you affected by CVE-2024-6026?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST