CVE-2024-11899
CVSS 3.1 Score 6.4 of 10 (medium)
Details
Published Jan 7, 2025
CWE ID 79
Summary
CVE-2024-11899 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Slider Pro Lite plugin for WordPress. This issue, present in all versions up to 1.4.1, allows authenticated attackers with contributor-level access or higher to inject malicious scripts. The shortcode 'sliderpro' is the culprit, where user-supplied attributes lack adequate input sanitization and output escaping, enabling the attacker to execute arbitrary web scripts on pages visited by unsuspecting users.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share