CVE-2022-2823

CVE-2022-2823: Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting

Vendor Unknown
Product Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin
Weakness CWE-79 · XSS
Published October 10, 2022
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

Key dates

02Disclosure timeline

October 10, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-5884 Konica Minolta bizhub Display MFP Information List cross site scripting CVE-2025-58263 WordPress BuddyPress Notification Widget Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability CVE-2025-0710 CampCodes School Management Software Notice Board Page notice-list cross site scripting CVE-2022-50891 Owlfiles File Manager 12.0.1 Cross-Site Scripting via HTTP Server CVE-2024-2337 Easy Testimonials <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode