Search criteria
2 vulnerabilities found for Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin by Unknown
CVE-2022-2823 (GCVE-0-2022-2823)
Vulnerability from cvelistv5 – Published: 2022-10-10 00:00 – Updated: 2024-08-03 00:52
VLAI?
Title
Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting
Summary
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin |
Affected:
3.27.9 , < 3.27.9
(custom)
|
Credits
Anurag Bhoir
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/c88c85b3-2830-4354-99fd-af6bce6bb4ef"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Slider, Gallery, and Carousel by MetaSlider \u2013 Responsive WordPress Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.27.9",
"status": "affected",
"version": "3.27.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anurag Bhoir"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-10T00:00:00",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/c88c85b3-2830-4354-99fd-af6bce6bb4ef"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Slider, Gallery, and Carousel by MetaSlider \u003c 3.27.9 - Admin+ Stored Cross Site Scripting",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2823",
"datePublished": "2022-10-10T00:00:00",
"dateReserved": "2022-08-15T00:00:00",
"dateUpdated": "2024-08-03T00:52:59.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2823 (GCVE-0-2022-2823)
Vulnerability from nvd – Published: 2022-10-10 00:00 – Updated: 2024-08-03 00:52
VLAI?
Title
Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting
Summary
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Severity ?
No CVSS data available.
CWE
- CWE-79 - Cross-Site Scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin |
Affected:
3.27.9 , < 3.27.9
(custom)
|
Credits
Anurag Bhoir
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:52:59.620Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/c88c85b3-2830-4354-99fd-af6bce6bb4ef"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Slider, Gallery, and Carousel by MetaSlider \u2013 Responsive WordPress Plugin",
"vendor": "Unknown",
"versions": [
{
"lessThan": "3.27.9",
"status": "affected",
"version": "3.27.9",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Anurag Bhoir"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-10T00:00:00",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"url": "https://wpscan.com/vulnerability/c88c85b3-2830-4354-99fd-af6bce6bb4ef"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Slider, Gallery, and Carousel by MetaSlider \u003c 3.27.9 - Admin+ Stored Cross Site Scripting",
"x_generator": "WPScan CVE Generator"
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2022-2823",
"datePublished": "2022-10-10T00:00:00",
"dateReserved": "2022-08-15T00:00:00",
"dateUpdated": "2024-08-03T00:52:59.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}