WordPress Community Forum
WordPress Support => WordPress Vulnerability => Topic started by: Kailash on Jun 15, 2022, 10:29 AM
WordPress WP Contact Slider plugin <= 2.4.6 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Plugin name: WP Contact Slider
Vulnerable versions: <= 2.4.6
Fixed in: 2.4.7
CVE ID: CVE-2022-1301
Classification: Cross Site Scripting (XSS)
Publicly disclosed: 2022-06-13
Vulnerability Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Fayçal CHENA in WordPress WP Contact Slider plugin (versions <= 2.4.6).
Solution
Update the WordPress WP Contact Slider plugin to the latest available version (at least 2.4.7).
Plugin Link: https://wordpress.org/plugins/wp-contact-slider/