Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin by Unknown

    CVE-2022-2823 (GCVE-0-2022-2823)

    Vulnerability from nvd – Published: 2022-10-10 00:00 – Updated: 2024-08-03 00:52
    VLAI
    Title
    Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting
    Summary
    The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-Site Scripting (XSS)
    Assigner
    Impacted products
    Credits
    Anurag Bhoir
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.620Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/c88c85b3-2830-4354-99fd-af6bce6bb4ef"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Slider, Gallery, and Carousel by MetaSlider \u2013 Responsive WordPress Plugin",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "3.27.9",
                  "status": "affected",
                  "version": "3.27.9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Anurag Bhoir"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-10T00:00:00.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "url": "https://wpscan.com/vulnerability/c88c85b3-2830-4354-99fd-af6bce6bb4ef"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Slider, Gallery, and Carousel by MetaSlider \u003c 3.27.9 - Admin+ Stored Cross Site Scripting",
          "x_generator": "WPScan CVE Generator"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-2823",
        "datePublished": "2022-10-10T00:00:00.000Z",
        "dateReserved": "2022-08-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-2823 (GCVE-0-2022-2823)

    Vulnerability from cvelistv5 – Published: 2022-10-10 00:00 – Updated: 2024-08-03 00:52
    VLAI
    Title
    Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting
    Summary
    The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-Site Scripting (XSS)
    Assigner
    Impacted products
    Credits
    Anurag Bhoir
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T00:52:59.620Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/c88c85b3-2830-4354-99fd-af6bce6bb4ef"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Slider, Gallery, and Carousel by MetaSlider \u2013 Responsive WordPress Plugin",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "3.27.9",
                  "status": "affected",
                  "version": "3.27.9",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Anurag Bhoir"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-10-10T00:00:00.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "url": "https://wpscan.com/vulnerability/c88c85b3-2830-4354-99fd-af6bce6bb4ef"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Slider, Gallery, and Carousel by MetaSlider \u003c 3.27.9 - Admin+ Stored Cross Site Scripting",
          "x_generator": "WPScan CVE Generator"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2022-2823",
        "datePublished": "2022-10-10T00:00:00.000Z",
        "dateReserved": "2022-08-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T00:52:59.620Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }