CVE-2022-3074 - Vulnerability Details - OpenCVE

The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Quantumcloud	Slider Hero

Configuration 1 [-]

cpe:2.3:a:quantumcloud:slider_hero:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/90ebaedc-89df-413f-b22e-753d4dd5e1c3

History

Thu, 22 May 2025 14:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-09-26T12:35:41.000Z

Updated: 2025-05-22T14:04:06.028Z

Reserved: 2022-09-01T00:00:00.000Z

Link: CVE-2022-3074

Vulnrichment

Updated: 2024-08-03T01:00:10.538Z

NVD

Status : Modified

Published: 2022-09-26T13:15:11.013

Modified: 2025-05-22T14:16:00.340

Link: CVE-2022-3074

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Slider Hero with Animation, Video Background", "vendor": "Unknown", "versions": [{"lessThan": "8.4.4", "status": "affected", "version": "8.4.4", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "yuyudhn"}], "descriptions": [{"lang": "en", "value": "The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-26T12:35:41.000Z", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/90ebaedc-89df-413f-b22e-753d4dd5e1c3"}], "source": {"discovery": "EXTERNAL"}, "title": "Slider Hero < 8.4.4 - Admin+ Stored Cross-Site Scripting", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-3074", "STATE": "PUBLIC", "TITLE": "Slider Hero < 8.4.4 - Admin+ Stored Cross-Site Scripting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Slider Hero with Animation, Video Background", "version": {"version_data": [{"version_affected": "<", "version_name": "8.4.4", "version_value": "8.4.4"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "yuyudhn"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-Site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/90ebaedc-89df-413f-b22e-753d4dd5e1c3", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/90ebaedc-89df-413f-b22e-753d4dd5e1c3"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:00:10.538Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/90ebaedc-89df-413f-b22e-753d4dd5e1c3"}]}, {"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-22T14:04:00.091774Z", "id": "CVE-2022-3074", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-22T14:04:06.028Z"}}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-3074", "datePublished": "2022-09-26T12:35:41.000Z", "dateReserved": "2022-09-01T00:00:00.000Z", "dateUpdated": "2025-05-22T14:04:06.028Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "Slider Hero with Animation, Video Background", "vendor": "Unknown", "versions": [{"lessThan": "8.4.4", "status": "affected", "version": "8.4.4", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "yuyudhn"}], "descriptions": [{"lang": "en", "value": "The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Cross-Site Scripting (XSS)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-09-26T12:35:41.000Z", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/90ebaedc-89df-413f-b22e-753d4dd5e1c3"}], "source": {"discovery": "EXTERNAL"}, "title": "Slider Hero < 8.4.4 - Admin+ Stored Cross-Site Scripting", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-3074", "STATE": "PUBLIC", "TITLE": "Slider Hero < 8.4.4 - Admin+ Stored Cross-Site Scripting"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Slider Hero with Animation, Video Background", "version": {"version_data": [{"version_affected": "<", "version_name": "8.4.4", "version_value": "8.4.4"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "yuyudhn"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79 Cross-Site Scripting (XSS)"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/90ebaedc-89df-413f-b22e-753d4dd5e1c3", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/90ebaedc-89df-413f-b22e-753d4dd5e1c3"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T01:00:10.538Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/90ebaedc-89df-413f-b22e-753d4dd5e1c3"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-3074", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-22T14:04:00.091774Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-22T14:03:51.993Z"}}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-3074", "datePublished": "2022-09-26T12:35:41.000Z", "dateReserved": "2022-09-01T00:00:00.000Z", "dateUpdated": "2025-05-22T14:04:06.028Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:quantumcloud:slider_hero:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "12377C5D-FB7A-4C35-919F-48E1905F0776", "versionEndExcluding": "8.4.4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks."}, {"lang": "es", "value": "El plugin Slider Hero de WordPress versiones anteriores a 8.4.4, no escapa del nombre del slider, lo que podr\u00eda permitir a usuarios con altos privilegios llevar a cabo ataques de tipo Cross-Site Scripting.\n"}], "id": "CVE-2022-3074", "lastModified": "2025-05-22T14:16:00.340", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-09-26T13:15:11.013", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/90ebaedc-89df-413f-b22e-753d4dd5e1c3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/90ebaedc-89df-413f-b22e-753d4dd5e1c3"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "contact@wpscan.com", "type": "Secondary"}]}