CVE-2024-13116

Name of the Vulnerable Software and Affected Versions Crelly Slider versions prior to 1.4.7

Description The issue arises from the plugin not sanitizing and escaping some of its settings, potentially allowing high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks. This could occur even in scenarios where the unfiltered html capability is disallowed, for example, in multisite setups.

Recommendations For versions prior to 1.4.7, update to version 1.4.7 or later to resolve the issue.