CVE-2023-5362 — Vulnetix

Try Vulnetix Request Demo

CVE-2023-5362 PUBLISHED CVSS 6.400000095367432 MEDIUM

The Carousel, Recent Post Slider and Banner Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'spice_post_slider' shortcode in versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

EPSS 0.09% · 25.5th percentile

Risk Scores

CVSS v3.1

6.400000095367432

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

EPSS Score

0.09%

25.5th percentile

Affected Products

Vendor	Product	Versions
spicethemes	Carousel, Recent Post Slider and Banner Slider	0, 0, 0
spicethemes	carousel\,_recent_post_slider_and_banner_slider	0, 0, 0

Timeline

Oct 30, 2023 CVE Published
Oct 31, 2023 EPSS Score
Nov 30, 2023 EPSS Score
Dec 30, 2023 EPSS Score
Jan 30, 2024 EPSS Score
Feb 29, 2024 EPSS Score
Mar 30, 2024 EPSS Score
Apr 29, 2024 EPSS Score
May 29, 2024 EPSS Score
Jul 29, 2024 EPSS Score
Aug 28, 2024 EPSS Score
Sep 27, 2024 EPSS Score

References

Open in Interactive Console →