Vulnerability CVE-2022-1301


Published: 2022-07-04

Description:
The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high-privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Type:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

References:
https://wpscan.com/vulnerability/69b75983-1010-453e-bf67-27b4a2a327a8

Copyright 2022, cxsecurity.com

 
