CVE-2022-29438
WordPress Image Slider by NextCode plugin <= 1.1.2 - Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilityAuthenticated (author or higher user role) Persistent Cross-Site Scripting (XSS) vulnerability in Image Slider by NextCode plugin <= 1.1.2 at WordPress.
We have discovered 269 live websites that are affected by CVE-2022-29438.
Affected Software
| Product |  Baslider |
| Category | Wordpress Plugins |
| Vulnerable Domains | 269 live websites (100% of Baslider install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jun 15, 2022
- Updated - Feb 20, 2025
Credits
- Vulnerability discovered by BEE-K (Patchstack)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2022-29438 United States | 68 websites |
 Germany | 26 websites |
 GB | 15 websites |
 Italy | 15 websites |
 France | 13 websites |
 Brazil | 10 websites |
 Spain | 10 websites |
 Netherlands | 9 websites |
 Canada | 7 websites |
 Switzerland | 7 websites |
Website Distribution by TLD
Number of websites using CVE-2022-29438| .com | 97 websites |
| .org | 24 websites |
| .de | 13 websites |
| .co.uk | 10 websites |
| .it | 9 websites |
| .fr | 8 websites |
| .nl | 7 websites |
| .com.br | 7 websites |
| .es | 5 websites |
| .cz | 5 websites |
Websites affected by CVE-2022-29438
Top websites that are affected by CVE-2022-29438. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********.org | Canada | ***,*** | |
| **********.org | Germany | ***,*** | |
| ******************.**.uk | GB | *,***,*** | |
| **********.es | Spain | *,***,*** | |
| *************************.fr | France | *,***,*** | |
| **********.***.sg |  Singapore | *,***,*** | |
| ****************.com | United States | *,***,*** | |
| **********************.de | Germany | *,***,*** | |
| **********************.***.au |  Australia | *,***,*** | |
| **********.it | Italy | *,***,*** |
FAQ
CVE-2022-29438 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Baslider
A total of 269 websites have been identified as vulnerable to CVE-2022-29438, based on global website indexing conducted by WebTechSurvey.
The Baslider is affected by the CVE-2022-29438 vulnerability.
Baslider versions up to and including 1.1.2 are vulnerable to CVE-2022-29438.