Vulnerabilities and security researches foraccordion-slider accordion-slider

Dec 07, 2024

CVE, Research URL: CVE-2024-5020
Home page URL: Security reports for Accordion Slider
Application: Accordion Slider
Date: Dec 04, 2024
Research Description: Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Oct 17, 2024

CVE, Research URL: CVE-2024-9582
Home page URL: Security reports for Accordion Slider
Application: Accordion Slider
Date: Oct 16, 2024
Research Description: The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Successful exploitation by Contributor-level users requires an Administrator-level user to provide access to the plugin's admin area via the `Access` plugin setting, which is restricted to administrators by default.
Affected versions: Min -, max -.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2023-40331
Home page URL: Security reports for Accordion Slider
Application: Accordion Slider
Date: Dec 13, 2024
Research Description: Missing Authorization vulnerability in bqworks Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion Slider: from n/a through 1.9.6.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: a2445cf94cd548f02bbbcd9e1cbd090255c550ed
Home page URL: Security reports for Accordion Slider
Application: Accordion Slider
Date: Aug 16, 2023
Research Description: Accordion Slider [accordion-slider] < 1.9.7 WordPress Accordion Slider Plugin <= 1.9.6 is vulnerable to Broken Access Control Update the WordPress Accordion Slider plugin to the latest available version (at least 1.9.7). Abdi Pranata discovered and reported this Broken Access Control vulnerability in WordPress Accordion Slider Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has been fixed in version 1.9.7.
Affected versions: Min -, max -.
Status: vulnerable