Unfiltered HTML Setting Vulnerability in WP Google Review Slider WordPress Plugin
CVE-2024-2310

Currently unrated

Key Information:

Vendor: Wordpress
Status: WP Google Review Slider
Vendor: CVE Published:; 26 April 2024

What is CVE-2024-2310?

The WP Google Review Slider WordPress plugin before 13.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

References

https://wpscan.com/vulnerability/7a2c173c-19e3-4f48-b3af-...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2024

Wordpress

What is CVE-2024-2310?

References

Timeline