Wp Contact Slider
Vulnerabilities: 3
Known exploited: 0
Max CVSS: 6.3
Top EPSS: 0.00532
Severity breakdown
Critical: 0
High: 0
Medium: 3
Low: 0
Affected version ranges
< 2.4.5, < 2.4.7, < 2.4.8
Also matched as (raw): wp_contact_slider
Top vulnerabilities
CVE-2022-4974: The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including, 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
CVE-2022-3237: The WP Contact Slider WordPress plugin before 2.4.8 does not sanitize and escape its settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2022-1301: The WP Contact Slider WordPress plugin before 2.4.7 does not sanitize and escape the Text to Display settings of sliders, which could allow high privileged users such as editor and above to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.