← back
CVE-2022-3074

Slider Hero < 8.4.4 - Admin+ Stored Cross-Site Scripting

CVSS 4.8 MEDIUMEPSS 0.5%CWE-79
The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks.
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Affected products
Unknown · Slider Hero with Animation, Video Background

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/90ebaedc-89df-413f-b22e-753d4dd5e1c3