cleantalk
Vulnerabilities and Security Researches

Accordion Slider, CVE-2024-9582

CVE, Research URL

CVE-2024-9582

Home page URL

Security reports for Accordion Slider

Application

Accordion Slider

Published on
Oct 16, 2024
Research Description
The Accordion Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘html’ attribute of an accordion slider in all versions up to, and including, 1.9.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. NOTE: Successful exploitation by Contributor-level users requires an Administrator-level user to provide access to the plugin's admin area via the `Access` plugin setting, which is restricted to administrators by default.
Affected versions
Min -, max 1.9.12.
Status
vulnerable
Previous vulnerability researches
Accordion Slider Lite (CVE-2024-11892) , Jan 12, 2025
Accordion Slider (CVE-2024-9582) , Oct 17, 2024
Accordion Slider (a2445cf94cd548f02bbbcd9e1cbd090255c550ed) , Jun 07, 2024
Accordion Slider (CVE-2023-40331) , Jun 10, 2024
Accordion Slider (CVE-2024-5020) , Dec 07, 2024
New vulnerability
Uncanny Automator – Automate everything with the #1 automation, integration & webhooks plugin (CVE-2025-3623) , May 15, 2025
Uncanny Automator – Automate everything with the #1 automation, integration & webhooks plugin (CVE-2025-4520) , May 15, 2025
WP Content Security Plugin (CVE-2025-4579) , May 15, 2025
B2i Investor Tools (CVE-2025-47458) , May 15, 2025
UiPress lite | Effortless custom dashboards, admin themes and pages (CVE-2025-3053) , May 15, 2025