Security Advisory

CVE-2024-3703

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-05-03 06:00:02

Last updated 2024-11-29 15:40:28

Assigner WPScan

State PUBLISHED

Description

The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks

← Browse all CVEs View on cve.org ↗