Carousel Slider < 2.2.10 - Editor+ Stored XSS
CVE-2024-3703
Currently unrated
Key Information:
- Vendor
- Wordpress
- Status
- Vendor
- CVE Published:
- 3 May 2024
Badges
πΎ Exploit Existsπ‘ Public PoC
Summary
The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks
Affected Version(s)
Carousel Slider 0 < 2.2.10
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
Timeline
- π‘
Public PoC available
- πΎ
Exploit known to exist
Vulnerability published
Credit
Krugov Artyom
WPScan