Master Slider <= 3.7.0 – Authenticated Stored Cross-Site Scripting (XSS)

  • DO NOT USE THIS PLUGIN – www.remarpro.com YOU NEED TO REMOVE THIS PLUGIN IMMEDIATELY.

    The plugin does not properly sanitise the slider name when creating or editing a slider, leading to an Authenticated (editor+) Stored Cross-Site Scripting issue which will be triggered in the Slider table (/wp-admin/admin.php?page=master-slider).

From WPScanTeam:

- The original report was from 2018, however, the issue was never remediated.

- Multiple attempts were made to contact the vendor, but no response was received
Viewing 1 replies (of 1 total)
  • Plugin Author averta

    (@averta)

    This issue is fixed in the latest update. Thanks for the report

    • This reply was modified 3 years, 7 months ago by averta.
Viewing 1 replies (of 1 total)
  • The topic ‘Master Slider <= 3.7.0 – Authenticated Stored Cross-Site Scripting (XSS)’ is closed to new replies.