CVE-2022-1301

Name of the Vulnerable Software and Affected Versions WP Contact Slider WordPress plugin versions prior to 2.4.7

Description The issue allows high privileged users, such as editors and above, to perform Cross-Site Scripting attacks. This is possible because the Text to Display settings of sliders are not properly sanitized and escaped, even when the unfiltered html is disallowed.

Recommendations For versions prior to 2.4.7, update to version 2.4.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Text to Display settings in sliders to minimize the risk of exploitation.