WordPress Slideshow, Image Slider by 2J plugin <= 1.3.54 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Vulnerable versions
<= 1.3.54
PSID
34488dcd2491
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires contributor or higher role user authentication.
Publicly disclosed
2022-05-04
Patchstack vPatch available since
09.12.2021
Details
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Tien Nguyen Ahn aka vigov5 (Patchstack Alliance) in WordPress Slideshow, Image Slider by 2J plugin (versions <= 1.3.54).
Solution
No patched version is available. No reply from the vendor.
References
CVE-2022-29426
Plugin changelog