CVE-2024-10565

Medium CVSS: 6.1

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Vendor

10web

Product

Slider

CWE

CWE-79

Yayın Tarihi

2025-03-25 06:15:38

Güncelleme

2025-04-02 17:38:01

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-79 Slider MEDIUM 10web 2025

Referanslar

https://wpscan.com/vulnerability/4ef05302-a6ca-4816-ab0d-a4e3bf7a5e22/

Benzer Kayıtlar

Critical

CVE-2025-13377

The 10Web Booster – Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbit…

Medium

CVE-2024-8670

The Photo Gallery by 10Web WordPress plugin before 1.8.29 does not sanitise and escape some of its settings, which coul…

Medium

CVE-2024-13053

The Form Maker by 10Web WordPress plugin before 1.15.33 does not sanitise and escape some of its settings, which could…

Medium

CVE-2024-10680

The Form Maker by 10Web WordPress plugin before 1.15.32 does not sanitise and escape some of its settings, which could…

Medium

CVE-2025-0613

The Photo Gallery by 10Web WordPress plugin before 1.8.34 does not sanitised and escaped comment added on images by una…

Medium

CVE-2024-10566

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow…