Text only | Text with Images

WordPress Community Forum

WordPress Support => WordPress Vulnerability => Topic started by: Kailash on Jun 15, 2022, 10:02 AM

Title: WordPress XO Slider plugin <= 3.3.2 - Cross-Site Scripting (XSS) Vulnerability
Post by: Kailash on Jun 15, 2022, 10:02 AM
WordPress XO Slider plugin <= 3.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Plugin name: XO Slider
Vulnerable versions: <= 3.3.2
Fixed in: 3.3.3
CVE ID: CVE-2022-32280
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-14

Vulnerability Details

Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress XO Slider plugin (versions <= 3.3.2).

Solution

Update the WordPress XO Slider plugin to the latest available version (at least 3.3.3).

Plugin Link: https://wordpress.org/plugins/xo-liteslider/
Text only | Text with Images