CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34443 – WordPress Slider Revolution plugin < 6.7.11 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-34443
28 May 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemePunch OHG Slider Revolution allows Stored XSS.This issue affects Slider Revolution: from n/a before 6.7.11. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en ThemePunch OHG Slider Revolution permite XSS Almacenado. Este problema afecta a Slider Revolution: desde n/a antes de 6.7.11. The Slider Revolution plugin for... • https://patchstack.com/articles/unauthenticated-xss-vulnerability-patched-in-slider-revolution-plugin?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34444 – WordPress Slider Revolution plugin < 6.7.0 - Unauthenticated Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-34444
28 May 2024 — Missing Authorization vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a before 6.7.0. Vulnerabilidad de autorización faltante en ThemePunch OHG Slider Revolution. Este problema afecta a Slider Revolution: desde n/a antes de 6.7.0. The Slider Revolution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_rest_api function in versions up to 6.7.0. This makes it possible for unauthenticated attacker... • https://patchstack.com/articles/unauthenticated-xss-vulnerability-patched-in-slider-revolution-plugin?_s_id=cve • CWE-862: Missing Authorization •