徽标滑块 < 4.5.0 - Contributor+ 存储型 XSS (CVE-2024-10896)
CVE编号
CVE-2024-10896
利用情况
暂无
补丁情况
N/A
披露时间
2024-11-28
漏洞描述
The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting
解决建议
建议您更新当前系统或软件至最新版,完成漏洞的修复。
文章评论