Slider comparison image before and after <= 0.8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
CVE-2024-8543
5.4 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 10 September 2024
Summary
The Slider Comparison Image plugin for WordPress is susceptible to Stored Cross-Site Scripting (XSS) due to inadequate input sanitization and output escaping of user-supplied attributes. This vulnerability allows authenticated attackers with contributor-level access and above to inject malicious web scripts through the plugin's shortcode functionality. The injected scripts execute whenever a user visits a compromised page, creating a pathway for various attacks, including data theft and session hijacking. All versions up to and including 0.8.3 are affected.
Affected Version(s)
Slider comparison image before and after * <= 0.8.3
CVSS V3.1
- Score: 5.4
- Severity: MEDIUM
- Confidentiality: Low
- Integrity: Low
- Availability: Low
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Krzysztof Zając