CVSS 3.1 Score 6.4 of 10 (medium)


Published Apr 11, 2024


CVE-2024-3285 is a vulnerability in the Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows plugin for WordPress. It affects all versions up to and including 3.70.0. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages through the plugin's 'metaslider' shortcode, because user-supplied shortcode attributes are insufficiently sanitized on input and insufficiently escaped on output. The injected scripts execute whenever a user accesses an affected page. Remediation is to update the plugin to a version beyond 3.70.0, which addresses the insufficient input sanitization and output escaping.
