Skip to main content

UberSlider Ultra CVE-2026-28099

HIGH
Cross-site Scripting (XSS) (CWE-79)
2026-03-05 audit@patchstack.com
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Analysis Updated
Apr 23, 2026 - 00:21 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 22, 2026 - 21:37 vuln.today
cvss_changed
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
CVE Published
Mar 05, 2026 - 06:16 nvd
HIGH 7.1

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup UberSlider Ultra uberSlider_ultra allows Reflected XSS.This issue affects UberSlider Ultra: from n/a through <= 2.3.

AnalysisAI

Reflected cross-site scripting in UberSlider Ultra WordPress plugin (versions ≤2.3) enables remote attackers to execute arbitrary JavaScript in victim browsers via crafted URLs. The vulnerability requires user interaction (clicking a malicious link) but needs no authentication. EPSS exploitation probability is low (0.04%, 10th percentile), and no active exploitation or public proof-of-concept has been identified at time of analysis. The changed scope (S:C) in the CVSS vector indicates potential impact beyond the vulnerable component itself.

Technical ContextAI

This is a reflected cross-site scripting (CWE-79) vulnerability in UberSlider Ultra, a WordPress slider plugin by LambertGroup. Reflected XSS occurs when user-supplied input is immediately returned in the HTTP response without proper sanitization or output encoding. In WordPress plugins, this typically manifests in admin interfaces or shortcode handlers that echo request parameters (GET/POST) directly into HTML output. The vulnerability allows injection of malicious JavaScript code that executes in the security context of the WordPress site. The changed scope (S:C) in CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L suggests the injected script can affect resources beyond the plugin itself, potentially accessing WordPress session cookies, CSRF tokens, or performing actions as the authenticated victim.

Affected ProductsAI

WordPress plugin UberSlider Ultra by LambertGroup, all versions from earliest release through version 2.3 inclusive. The vulnerability report sourced from Patchstack (audit@patchstack.com) provides specific version boundary at 2.3. No CPE identifier was provided in available data. Vendor advisory and detailed affected version enumeration available at https://patchstack.com/database/Wordpress/Plugin/uberSlider_ultra/vulnerability/wordpress-uberslider-ultra-plugin-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.

RemediationAI

Upgrade UberSlider Ultra to a version newer than 2.3 if the vendor has released a patched version. Check the WordPress plugin repository or contact LambertGroup directly for the latest secure version, as the exact fix version was not specified in available data. Review the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/uberSlider_ultra/ for vendor-confirmed patch status and release notes. If no patch is available, implement compensating controls: restrict plugin access to trusted administrators only through WordPress role management, deploy web application firewall rules to filter XSS patterns in requests to plugin endpoints (though this may cause false positives with legitimate slider content containing HTML), educate administrative users about phishing risks and link verification before clicking, and consider disabling the plugin until a patch is released if slider functionality is non-critical. Monitor WordPress access logs for suspicious query parameters containing script tags or JavaScript event handlers targeting UberSlider endpoints.

Share

CVE-2026-28099 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy