cleantalk
Vulnerabilities and Security Researches

Accordion Slider, CVE-2024-5020

CVE, Research URL

CVE-2024-5020

Home page URL

Security reports for Accordion Slider

Application

Accordion Slider

Published on
Dec 04, 2024
Research Description
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.9.13.
Status
vulnerable
Previous vulnerability researches
Colibri Page Builder (CVE-2025-32185) , Apr 05, 2025
Colibri Page Builder (CVE-2024-4451) , Jun 08, 2024
Colibri Page Builder (CVE-2024-5020) , Dec 06, 2024
Colibri Page Builder (CVE-2024-1361) , Jun 07, 2024
Colibri Page Builder (CVE-2024-28004) , Jun 07, 2024
New vulnerability
3DPrint Lite (CVE-2025-3428) , Apr 09, 2025
3DPrint Lite (CVE-2025-3429) , Apr 09, 2025
3DPrint Lite (CVE-2025-3427) , Apr 09, 2025
3DPrint Lite (CVE-2025-3430) , Apr 09, 2025
Widgetize Pages Light (CVE-2025-32117) , Apr 09, 2025