Attack vector: NETWORK
Attack complexity: LOW
Privileges required: HIGH
Confidentiality impact: LOW
Integrity impact: LOW
Availability impact: NONE
wpwax
Published: 2022-06-20
Updated: 2024-11-21
Summary
The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Vulnerable Configurations
Part | Description | Count
Application | Wpwax | 20
- Wpwax Post Grid, Slider & Carousel Ultimate -
- Wpwax Post Grid, Slider & Carousel Ultimate 1.0.0
- Wpwax Post Grid, Slider & Carousel Ultimate 1.0.1
- Wpwax Post Grid, Slider & Carousel Ultimate 1.0.2
- Wpwax Post Grid, Slider & Carousel Ultimate 1.1.0
- Wpwax Post Grid, Slider & Carousel Ultimate 1.1.1
- Wpwax Post Grid, Slider & Carousel Ultimate 1.2.0
- Wpwax Post Grid, Slider & Carousel Ultimate 1.3.0
- Wpwax Post Grid, Slider & Carousel Ultimate 1.3.1
- Wpwax Post Grid, Slider & Carousel Ultimate 1.3.2
- Wpwax Post Grid, Slider & Carousel Ultimate 1.3.3
- Wpwax Post Grid, Slider & Carousel Ultimate 1.3.4
- Wpwax Post Grid, Slider & Carousel Ultimate 1.3.5
- Wpwax Post Grid, Slider & Carousel Ultimate 1.3.6
- Wpwax Post Grid, Slider & Carousel Ultimate 1.3.7
- Wpwax Post Grid, Slider & Carousel Ultimate 1.3.8
- Wpwax Post Grid, Slider & Carousel Ultimate 1.4.0
- Wpwax Post Grid, Slider & Carousel Ultimate 1.4.1
- Wpwax Post Grid, Slider & Carousel Ultimate 1.4.2
- Wpwax Post Grid, Slider & Carousel Ultimate 1.4.3