CVE-2024-6026

Name of the Vulnerable Software and Affected Versions: The Slider by 10Web WordPress plugin version 1.2.55 and earlier

Description: The issue concerns the Slider by 10Web WordPress plugin, which does not properly sanitise and escape some of its Slide options. This could allow authenticated users with access to the Sliders, by default Administrators, and the ability to add images, to perform Stored Cross-Site Scripting attacks.

Recommendations: For versions prior to 1.2.56, update to version 1.2.56 or later to resolve the issue. As a temporary workaround, consider restricting access to the Sliders and limiting the ability to add images to trusted users only, until a patch is applied.