Monitor free

Report

New Known

Exploited

Fixed

WordPress WP Contact Slider plugin <= 2.4.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

5.4

CVSS 3.1 score Medium severity

Report

Monitoring Monitoring Known to be exploited Coming soon

Find out about vulnerable plugins in your websites for free.

Scan your website

Software

WP Contact Slider

Type

Plugin

Vulnerable versions

<= 2.4.6

Fixed in

2.4.7

PSID

9b09906029ba

CVE ID

CVE-2022-1301

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Required privilege

Requires editor or higher role user authentication.

Credits

Fayçal CHENA

Publicly disclosed

2022-06-13

Patchstack vPatch available since

09.12.2021

Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Fayçal CHENA in WordPress WP Contact Slider plugin (versions <= 2.4.6).

Solution

Update the WordPress WP Contact Slider plugin to the latest available version (at least 2.4.7).

References