CVE-2022-2413
Slide Anything < 2.3.47 - Author+ Cross Site Scripting in slide titleThe Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfiltered_html capability is disabled.
We have discovered 13,087 live websites that are affected by CVE-2022-2413.
Affected Software
| Product |  Slide Anything |
| Category | Wordpress Plugins |
| Vulnerable Domains | 13,087 live websites (82.85% of Slide Anything install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 4 versions ( 66.67% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jan 16, 2024
- Updated - Aug 3, 2024
Credits
- Nhật Nam (or LacHa) (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2022-2413 usage by Country
 United States | 5,201 websites |
 Germany | 1,402 websites |
 France | 685 websites |
 GB | 603 websites |
 Russia | 478 websites |
 Poland | 446 websites |
 Netherlands | 316 websites |
 Australia | 259 websites |
 Italy | 249 websites |
 Cyprus | 230 websites |
CVE-2022-2413 usage by TLD
| .com | 5,658 websites |
| .de | 652 websites |
| .org | 600 websites |
| .co.uk | 481 websites |
| .ru | 386 websites |
| .com.au | 357 websites |
| .pl | 349 websites |
| .nl | 291 websites |
| .fr | 253 websites |
| .net | 250 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2022-2413
Top websites that are affected by CVE-2022-2413. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.org | United States | *,*** | |
| ******************.de | Germany | **,*** | |
| **********.com | GB | **,*** | |
| **************.com | United States | **,*** | |
| ***********.de | Germany | **,*** | |
| **************.org | United States | **,*** | |
| **************.ru | Russia | ***,*** | |
| ***********.com | United States | ***,*** | |
| ********.ca |  Canada | ***,*** | |
| ***********.***.uk | GB | ***,*** |
FAQ
CVE-2022-2413 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Slide Anything
A total of 13,087 websites have been identified as vulnerable to CVE-2022-2413, discovered through global website indexing conducted by WebTechSurvey.
Slide Anything is susceptible to CVE-2022-2413 vulnerability.
Slide Anything versions before 2.3.47 are vulnerable to CVE-2022-2413.
Version 2.3.47 of Slide Anything addresses the CVE-2022-2413 security vulnerability.