CVE-2024-6408
Slider by 10Web < 1.2.57 - Editor+ Stored XSSThe Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
We have discovered 6,698 live websites that are affected by CVE-2024-6408.
Affected Software
| Product |  Slider Wd |
| Category | Wordpress Plugins |
| Vulnerable Domains | 6,698 live websites (61.78% of Slider Wd install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 188 versions ( 61.84% of all versions) |
Common Weakness Enumeration
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')Details
- Published - Jul 31, 2024
- Updated - Jul 31, 2024
Credits
- Dmitrii Ignatyev (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2024-6408 usage by Country
 United States | 2,332 websites |
 Germany | 847 websites |
 France | 444 websites |
 GB | 292 websites |
 Poland | 268 websites |
 Netherlands | 204 websites |
 Russia | 195 websites |
 Italy | 165 websites |
 Japan | 159 websites |
 Spain | 108 websites |
CVE-2024-6408 usage by TLD
| .com | 2,684 websites |
| .org | 466 websites |
| .de | 463 websites |
| .co.uk | 197 websites |
| .pl | 196 websites |
| .nl | 184 websites |
| .net | 182 websites |
| .fr | 176 websites |
| .ru | 175 websites |
| .it | 138 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-6408
Top websites that are affected by CVE-2024-6408. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *******.***.gov | United States | **,*** | |
| *********************.com | GB | ***,*** | |
| *************.org | United States | ***,*** | |
| ****.*****.edu | United States | ***,*** | |
| ******.com | United States | ***,*** | |
| **********************.com | ***,*** | ||
| *************.it | Italy | ***,*** | |
| ******************.com | United States | ***,*** | |
| **.**********************.com | ***,*** | ||
| ********.nl | Netherlands | ***,*** |
FAQ
CVE-2024-6408 is Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Slider Wd
A total of 6,698 websites have been identified as vulnerable to CVE-2024-6408, discovered through global website indexing conducted by WebTechSurvey.
Slider Wd is susceptible to CVE-2024-6408 vulnerability.
Slider Wd versions before 1.2.57 are vulnerable to CVE-2024-6408.
Version 1.2.57 of Slider Wd addresses the CVE-2024-6408 security vulnerability.