CVE-2022-3074

CVE-2022-3074: Slider Hero < 8.4.4 - Admin+ Stored Cross-Site Scripting

Vendor Unknown

Product Slider Hero with Animation, Video Background

Weakness CWE-79 · XSS

Published September 26, 2022

Last update May 22, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks.

Key dates

02Disclosure timeline

September 26, 2022 CVE published

May 22, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-3074 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-68848 WordPress amr cron manager plugin <= 2.3 - Reflecte dCross Site Scripting (XSS) vulnerability CVE-2022-39270 Arbitrary HTML injection in table-of-contents theme component in DiscoTOC CVE-2024-35753 WordPress TemplatesNext OnePager plugin <= 1.3.3 - Cross Site Scripting (XSS) vulnerability CVE-2024-32130 WordPress Payment Forms for Paystack plugin <= 3.4.1 - Cross Site Scripting (XSS) vulnerability CVE-2024-43950 WordPress Brickscore plugin <= 1.4.2.5 - Cross Site Scripting (XSS) vulnerability