The LayerSlider WordPress plugin before 7.1.2 does not sanitise and escape Project's slug before outputting it back in various place, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
Metrics
Affected Vendors & Products
References
History
Mon, 17 Mar 2025 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Kreaturamedia
Kreaturamedia layerslider |
|
CPEs | cpe:2.3:a:kreaturamedia:layerslider:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
Layslider
Layslider layslider |
Kreaturamedia
Kreaturamedia layerslider |

Status: PUBLISHED
Assigner: WPScan
Published: 2022-04-25T15:51:19
Updated: 2024-08-02T23:55:24.085Z
Reserved: 2022-03-29T00:00:00
Link: CVE-2022-1153

No data.

Status : Modified
Published: 2022-04-25T16:16:08.517
Modified: 2025-03-17T16:58:36.687
Link: CVE-2022-1153

No data.