CVE-2022-1335

CVE-2022-1335: Slideshow CK < 1.4.10 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Slideshow CK

Weakness CWE-79 · XSS

Published June 13, 2022

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

Key dates

02Disclosure timeline

June 13, 2022 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-1335 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2020-2503 Stored cross-site scripting vulnerability in QES CVE-2025-25132 WordPress Visitor Details plugin <= 1.0.1 - Cross Site Scripting (XSS) vulnerability CVE-2025-53490 Multiple XSS in CampaignEvents CVE-2024-56256 WordPress Embed PDF Viewer plugin <= 2.3.1 - Cross Site Scripting (XSS) vulnerability CVE-2025-52736 WordPress Finale Lite Plugin <= 2.20.0 - Cross Site Scripting (XSS) Vulnerability