CVE-2024-1730 – The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media …

20 April 2024

Vuln ID: CVE-2024-1730

Published: 2024-04-20 04:15:08.163

Description: The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, images from URLs, and html tags used in widgets in all versions up to, and including, 3.14.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Base Score: 5.4 – MEDIUM

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Source: NVD.NIST.GOV

Date:

20 April 2024

Categorie(s):

NVD

Tag(s):

NVD

Orum No Code Verify helps businesses validate bank accounts3 May 2024
Cisco IP Phone Vulnerability Let Attackers Trigger DoS Attack3 May 2024
Google Announces Passkeys Adopted by Over 400 Million Accounts3 May 2024
Threat Actors Renting Out Compromised Routers To Other Criminals3 May 2024
‘Junk gun’ ransomware: Peashooters can still pack a punch3 May 2024