Headline
CVE-2022-32280: WordPress XO Slider plugin <= 3.3.2 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Xakuro’s XO Slider plugin <= 3.3.2 at WordPress.
Verified
Fixed
5.4
CVSS 3.1 score Medium severity
Monitoring Coming soon
PSID
680aa33be28a
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires contributor or higher role user authentication.
Publicly disclosed
2022-06-14
Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress XO Slider plugin (versions <= 3.3.2).
Solution
Update the WordPress XO Slider plugin to the latest available version (at least 3.3.3).
References