CVE-2024-30547
Unknown Unknown - Not Provided

DOM-Based XSS in Shazdeh Header Image Slider Allows Code Injection

Vulnerability report for CVE-2024-30547, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-06

Last updated on: 2026-01-06

Assigner: Patchstack

Description

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Shazdeh Header Image Slider header-image-slider allows DOM-Based XSS.This issue affects Header Image Slider: from n/a through 0.3.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-06
Last Modified
2026-01-06
Generated
2026-07-06
AI Q&A
2026-01-06
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
shazdeh header_image_slider to 0.3 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2024-30547 is a Cross Site Scripting (XSS) vulnerability in the WordPress Header Image Slider Plugin (versions up to 0.3). It allows attackers to inject malicious scripts, such as redirects or advertisements, into a website. These scripts execute when visitors access the compromised site, potentially leading to unauthorized actions or data exposure. The vulnerability is DOM-Based XSS and classified under OWASP Top 10 A3: Injection. [1]

Impact Analysis

This vulnerability can impact you by allowing attackers to execute malicious scripts on your website, which can lead to unauthorized redirects, display of unwanted advertisements, theft of user data, or other malicious activities. It requires user interaction but no authentication, meaning any visitor clicking a crafted link or visiting a malicious page could trigger the attack. This can damage your website's integrity, user trust, and potentially lead to further security breaches. [1]

Mitigation Strategies

Immediate steps include applying the mitigation rule issued by Patchstack to block attacks targeting this vulnerability until an official patch is released. Additionally, using automated vulnerability mitigation services provided by Patchstack can help protect affected websites running the Header Image Slider plugin version 0.3 or earlier. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-30547. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart