Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-29424: WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari’s Image Hover Effects Ultimate plugin <= 9.7.1 at WordPress.

CVE
#xss#vulnerability#web#wordpress#auth

image-hover-effects-ultimate

Software

Image Hover Effects Ultimate

Vulnerable Versions

<= 9.7.1

Fixed in version

9.7.2

CVE

CVE-2022-29424

References

Credits

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Disclosure Date

2022-05-04

CVSS 3.0 score

Requires high role user authentication like admin.

Are your websites subject to this vulnerability?

Details

Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered by Nguy Minh Tuan (Patchstack Alliance) in WordPress Image Hover Effects Ultimate plugin (versions <= 9.7.1).

Solution

Update the WordPress Image Hover Effects Ultimate plugin to the latest available version (at least 9.7.2).

Found a vulnerability that puts your sites at risk?

Found a vulnerability? Help us secure the web and join our community of ethical hackers.

Are you the developer of this software? Hire our researchers for a thorough security audit.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907