徽标滑块 < 4.5.0 - Author+ 存储型 XSS (CVE-2024-10473)
CVE编号
CVE-2024-10473
利用情况
暂无
补丁情况
N/A
披露时间
2024-11-28
漏洞描述
The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
文章评论