PT-2024-11527 · WordPress · Slide Anything

Nhật Nam · Published 2024-01-16 · Updated 2024-01-24

CVE-2022-2413 · CVSS v3.1 5.4 (Medium) · Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Slide Anything WordPress plugin, versions prior to 2.3.47

Description: The issue arises from the slide title not being sanitized or escaped before it is output in the admin pages. This allows a logged-in user with a role as low as Author to inject a JavaScript payload into the slide title, even when the unfiltered_html capability is disabled.

Recommendations: For versions prior to 2.3.47, update to version 2.3.47 or later to resolve the issue. As a temporary workaround, consider restricting the ability to edit slide titles to higher roles until the update can be applied.
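The advisory's root cause is a missing output-escaping step. The following PHP is an added illustration of that class of bug and its fix in WordPress terms; it is not Slide Anything's own code, and the sa_demo_* function, hook and meta-key names are hypothetical. The WordPress APIs it calls (esc_html, esc_attr, sanitize_text_field, wp_kses_post, current_user_can, update_post_meta, add_action) are real.

```php
<?php
// Added illustration, not Slide Anything's own code. All sa_demo_* names are
// hypothetical; the WordPress functions used are the real core APIs.

// Vulnerable pattern: the stored title is concatenated into admin markup as-is.
// Whatever an Author saved as a title is later rendered, unescaped, in the
// browser of any administrator who opens the slider list. The unfiltered_html
// capability never enters the picture because nothing escapes the value here.
function sa_demo_render_title_vulnerable( $title ) {
    return '<td class="slide-title">' . $title . '</td>';
}

// Hardened pattern 1: escape on output, for the context the value lands in.
// esc_html() for element content, esc_attr() for attribute values. This is
// the control the advisory says was missing, and it works regardless of which
// role saved the title.
function sa_demo_render_title_safe( $title ) {
    return '<td class="slide-title" data-title="' . esc_attr( $title ) . '">'
        . esc_html( $title ) . '</td>';
}

// Hardened pattern 2: sanitize on save as defence in depth. A slide title is
// plain text, so strip tags and control characters unconditionally.
function sa_demo_sanitize_title_on_save( $raw_title ) {
    return sanitize_text_field( $raw_title );
}

// For a field where limited HTML is intended, mirror WordPress core's rule:
// only users holding unfiltered_html bypass the kses allow-list.
function sa_demo_sanitize_rich_field_on_save( $raw_html ) {
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $raw_html;
    }
    return wp_kses_post( $raw_html );
}

// Typical wiring in a save handler (hook and meta key are hypothetical).
add_action( 'sa_demo_save_slide', function ( $slide_id, $raw_title ) {
    update_post_meta(
        $slide_id,
        '_sa_demo_title',
        sa_demo_sanitize_title_on_save( $raw_title )
    );
}, 10, 2 );
```

Both layers are worth keeping: input sanitization limits what gets stored, but output escaping is the control that actually prevents stored data, including data written before the fix or through another code path, from being interpreted as script in an administrator's browser.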

Tags: XSS

Weakness Enumeration

Related Identifiers: CVE-2022-2413

Affected Products: Slide Anything