CVE-2023-28499
WordPress Slide Anything Plugin <= 2.4.9 is vulnerable to Cross Site Scripting (XSS)Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in simonpedge Slide Anything – Responsive Content / HTML Slider and Carousel plugin <= 2.4.9 versions.
We have discovered 13,087 live websites that are affected by CVE-2023-28499.
Affected Software
| Product |  Slide Anything |
| Category | Wordpress Plugins |
| Vulnerable Domains | 13,087 live websites (82.85% of Slide Anything install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 4 versions ( 66.67% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Nov 7, 2023
- Updated - Aug 2, 2024
Credits
- FearZzZz (Patchstack Alliance) (finder)
CWE
CVE References
CWE References
CVE-2023-28499 usage by Country
 United States | 5,201 websites |
 Germany | 1,402 websites |
 France | 685 websites |
 GB | 603 websites |
 Russia | 478 websites |
 Poland | 446 websites |
 Netherlands | 316 websites |
 Australia | 259 websites |
 Italy | 249 websites |
 Cyprus | 230 websites |
CVE-2023-28499 usage by TLD
| .com | 5,658 websites |
| .de | 652 websites |
| .org | 600 websites |
| .co.uk | 481 websites |
| .ru | 386 websites |
| .com.au | 357 websites |
| .pl | 349 websites |
| .nl | 291 websites |
| .fr | 253 websites |
| .net | 250 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-28499
Top websites that are affected by CVE-2023-28499. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.org | United States | *,*** | |
| ******************.de | Germany | **,*** | |
| **********.com | GB | **,*** | |
| **************.com | United States | **,*** | |
| ***********.de | Germany | **,*** | |
| **************.org | United States | **,*** | |
| **************.ru | Russia | ***,*** | |
| ***********.com | United States | ***,*** | |
| ********.ca |  Canada | ***,*** | |
| ***********.***.uk | GB | ***,*** |
FAQ
CVE-2023-28499 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Slide Anything
A total of 13,087 websites have been identified as vulnerable to CVE-2023-28499, discovered through global website indexing conducted by WebTechSurvey.
Slide Anything is susceptible to CVE-2023-28499 vulnerability.
Slide Anything versions before, and including, 2.4.9 are vulnerable to CVE-2023-28499.