The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project's slug before outputting it back in various place, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
History

Mon, 17 Mar 2025 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Kreaturamedia
Kreaturamedia layerslider
CPEs cpe:2.3:a:layslider:layslider:*:*:*:*:*:wordpress:*:* cpe:2.3:a:kreaturamedia:layerslider:*:*:*:*:*:wordpress:*:*
Vendors & Products Layslider
Layslider layslider
Kreaturamedia
Kreaturamedia layerslider

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-04-25T15:51:19

Updated: 2024-08-02T23:55:24.085Z

Reserved: 2022-03-29T00:00:00

Link: CVE-2022-1153

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2022-04-25T16:16:08.517

Modified: 2025-03-17T16:58:36.687

Link: CVE-2022-1153

cve-icon Redhat

No data.