Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.4
CVSSv3

CVE-2023-5362

Published: 30/10/2023 Updated: 13/11/2023
CVSS v3 Base Score: 5.4 | Impact Score: 2.7 | Exploitability Score: 2.3
VMScore: 0

Vulnerability Summary

The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Vulnerable Product Search on Vulmon Subscribe to Product

spicethemes carousel\\, recent post slider and banner slider

References

CWE-79https://www.wordfence.com/threat-intel/vulnerabilities/id/c0dd70b9-6f8a-41fc-ab4f-f6cdfee8dfb8?source=cvehttps://plugins.trac.wordpress.org/browser/spice-post-slider/tags/1.9/include/view/shortcode.php#L102https://plugins.trac.wordpress.org/browser/spice-post-slider/tags/2.0.1/include/view/shortcode.php?rev=2981648#L102https://plugins.trac.wordpress.org/changeset/2981654/spice-post-sliderhttps://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954CVE-2024-36933CVE-2024-24919CVE-2024-36923CVE-2024-2961CVE-2024-36925bypassencryptioncommand injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook