Headline
CVE-2022-25609: WordPress Yoo Slider plugin <= 2.0.0 - Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Stored Cross-Site Scripting (XSS) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers with contributor or higher user role to inject the malicious code.
yoo-slider
Software
Yoo Slider
Vulnerable Versions
<= 2.0.0
Fixed in version
2.1.0
CVE
CVE-2022-25609
References
Credits
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Disclosure Date
2022-03-21
CVSS 3.0 score
Requires contributor or higher role user authentication.
Are your websites subject to this vulnerability?
Details
Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Yoo Slider plugin (versions <= 2.0.0).
Solution
Update the WordPress Yoo Slider plugin to the latest available version (at least 2.1.0).
Found a vulnerability that puts your sites at risk?
Found a vulnerability? Help us secure the web and join our community of ethical hackers.
Are you the developer of this software? Hire our researchers for a thorough security audit.