Skip to main content

Prime Slider CVE-2024-3997

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2024-05-23 security@wordfence.com
6.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.4 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

2
Patch released
Apr 08, 2026 - 18:22 nvd
Patch available
CVE Published
May 23, 2024 - 11:15 nvd
MEDIUM 6.4

DescriptionCVE.org

The Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pagepiling widget in all versions up to, and including, 3.14.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

AnalysisAI

The Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pagepiling widget in. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. The Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pagepiling widget in all versions up to, and including, 3.14.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Affected products include: Bdthemes Prime Slider.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2024-32682 HIGH
7.1 Apr 22

Missing Authorization vulnerability in BdThemes Prime Slider - Addons For Elementor.13.2. Rated high severity (CVSS 7.1)

CVE-2024-30186 MEDIUM
6.5 Mar 27

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BdThemes Prime Sli

CVE-2024-5640 MEDIUM
6.4 Jun 07

The Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is

CVE-2024-4339 MEDIUM
6.4 May 14

The Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is

CVE-2024-1508 MEDIUM
6.4 Mar 13

The Prime Slider - Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'setti

CVE-2024-1507 MEDIUM
6.4 Mar 13

The Prime Slider - Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title

CVE-2024-1506 MEDIUM
6.4 Mar 07

The Prime Slider - Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title

CVE-2024-1730 MEDIUM
5.4 Apr 20

The Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slid

CVE-2024-8442 MEDIUM
5.4 Nov 07

The Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is

CVE-2024-32681 MEDIUM
4.3 Apr 22

Missing Authorization vulnerability in BdThemes Prime Slider - Addons For Elementor.13.2. Rated medium severity (CVSS 4.

CVE-2024-24883 MEDIUM
4.3 Apr 11

Missing Authorization vulnerability in BdThemes Prime Slider - Addons For Elementor.11.10. Rated medium severity (CVSS 4

CVE-2024-12043 MEDIUM
6.4 Jan 23

The Prime Slider - Addons For Elementor (Revolution of a slider, Hero Slider, Post Slider and Ecommerce Slider) plugin f

Share

CVE-2024-3997 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy