Headline
CVE-2022-29426: WordPress Slideshow, Image Slider by 2J plugin <= 1.3.54 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack
Authenticated (contributor or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team’s Slideshow, Image Slider by 2J plugin <= 1.3.54 at WordPress.
2j-slideshow
Software
Images Slideshow by 2J
Vulnerable Versions
<= 1.3.54
Fixed in version
CVE
CVE-2022-29426
References
Credits
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Disclosure Date
2022-05-04
CVSS 3.0 score
Requires contributor or higher role user authentication.
Are your websites subject to this vulnerability?
Details
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Tien Nguyen Ahn aka vigov5 (Patchstack Alliance) in WordPress Slideshow, Image Slider by 2J plugin (versions <= 1.3.54).
Solution
No patched version is available. No reply from the vendor.
Found a vulnerability that puts your sites at risk?
Found a vulnerability? Help us secure the web and join our community of ethical hackers.
Are you the developer of this software? Hire our researchers for a thorough security audit.