CVE-2022-29424: WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack
An authenticated (admin or higher user role) reflected Cross-Site Scripting (XSS) vulnerability exists in Biplob Adhikari’s Image Hover Effects Ultimate plugin for WordPress, versions <= 9.7.1.
image-hover-effects-ultimate
Software: Image Hover Effects Ultimate
Vulnerable Versions: <= 9.7.1
Fixed in version: 9.7.2
CVE: CVE-2022-29424
Classification: Cross Site Scripting (XSS)
OWASP Top 10: A7: Cross-Site Scripting (XSS)
Disclosure Date: 2022-05-04
CVSS 3.0 score
Requires authentication as a high-role user, such as an admin.
Details
An authenticated reflected Cross-Site Scripting (XSS) vulnerability was discovered by Nguy Minh Tuan (Patchstack Alliance) in the WordPress Image Hover Effects Ultimate plugin (versions <= 9.7.1).
Solution
Update the WordPress Image Hover Effects Ultimate plugin to the latest available version (at least 9.7.2).