CVE-2022-45375: WordPress iFeature Slider plugin <= 1.2 - Auth. Stored Cross-Site Scripting (XSS) vulnerability - Patchstack

Verified

Not fixed

5.4

CVSS 3.1 score Medium severity

Report

Monitoring Not reported to be exploited

Vulnerable versions

<= 1.2

PSID

dc3b0c71150c

Classification

Cross Site Scripting (XSS)

OWASP Top 10

A7: Cross-Site Scripting (XSS)

Required privilege

Requires contributor or higher role user authentication.

Publicly disclosed

2022-11-17

Details

Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress iFeature Slider plugin (versions <= 1.2).

Solution

No patched version is available. No reply from the author.

References