CVE-2023-0660

CVSS V2 None CVSS V3 None
Description
The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Overview
  • CVE ID
  • CVE-2023-0660
  • Assigner
  • contact@wpscan.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-03-27T16:15:09
  • Last Modified Date
  • 2023-03-31T15:32:27
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:nextendweb:smart_slider_3:*:*:*:*:*:wordpress:*:* 1 OR 3.5.1.14
References
Reference URL Reference Tags
https://wpscan.com/vulnerability/3fe712bc-ce7f-4b30-9fc7-1ff15aa5b6ce Exploit Third Party Advisory
History
Created Old Value New Value Data Type Notes
2023-04-17 03:32:17 Added to TrackCVE
2023-04-17 03:32:20 Weakness Enumeration new