Stored Cross-Site Scripting in Accordion Slider Lite Plugin for WordPress
CVE-2024-11892
6.4MEDIUM
What is CVE-2024-11892?
The Accordion Slider Lite plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability through its 'accordion_slider' shortcode. This flaw arises from inadequate input sanitization and output escaping on attributes supplied by users. Authenticated attackers with contributor-level access can exploit this vulnerability to inject arbitrary web scripts into pages, which will execute whenever another user accesses the compromised page. This poses significant risks to website integrity and user safety.
Affected Version(s)
Accordion Slider Lite * <= 1.5.1