The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the General widget in all versions up to, and including, 3.14.3 due to insufficient input sanitization and output escaping. This...
6.4CVSS
6AI Score
0.0004EPSS
The Slider Revolution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘htmltag’ parameter in all versions up to, and including, 6.7.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web...
6.4CVSS
6.1AI Score
0.0004EPSS
The Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, Product Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via urls in link fields, images from URLs, and html tags used in widgets...
5.4CVSS
6AI Score
0.0004EPSS
The Revslider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via svg upload in all versions up to, and including, 6.6.20 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that...
6.4CVSS
6.2AI Score
0.0004EPSS
The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Rubix widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
6.1AI Score
0.0004EPSS
The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings['title_tags']' attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible....
6.4CVSS
6.1AI Score
0.0004EPSS
The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Fiestar widget in all versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
6.1AI Score
0.0004EPSS
The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code...
8.8CVSS
7.5AI Score
0.001EPSS
Unrestricted Upload of File with Dangerous Type vulnerability in ThemePunch OHG Slider Revolution.This issue affects Slider Revolution: from n/a through...
8.8CVSS
7.2AI Score
0.001EPSS
Contributor+ Stored Cross-Site Scripting (XSS) vulnerability in Slider Revolution...
5.4CVSS
6.2AI Score
0.0004EPSS
Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Trident Technolabs Easy Slider Revolution plugin <= 1.0.0...
5.4CVSS
5.2AI Score
0.0004EPSS
The Slider Revolution WordPress plugin through 6.6.12 does not check for valid image files upon import, leading to an arbitrary file upload which may be escalated to Remote Code Execution in some server...
8.8CVSS
9AI Score
0.001EPSS
MODX Revolution through 2.8.3-pl allows remote authenticated administrators to execute arbitrary code by uploading an executable file, because the Uploadable File Types setting can be changed by an...
7.2CVSS
7.1AI Score
0.017EPSS
Fred MODX Revolution < 1.0.0-beta5 is affected by: Incorrect Access Control - CWE-648. The impact is: Remote Code Execution. The component is: assets/components/fred/web/elfinder/connector.php. The attack vector is: Uploading a PHP file or change data in the database. The fixed version is:...
9.8CVSS
7.8AI Score
0.015EPSS
MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL injection caused by improper sanitization by the escape method resulting in authenticated user accessing database and possibly escalating...
8.8CVSS
7.7AI Score
0.001EPSS
SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query...
8.5AI Score
0.001EPSS
Cross-site scripting (XSS) vulnerability in manager/index.php in MODx Revolution 2.0.2-pl allows remote attackers to inject arbitrary web script or HTML via the modhash...
5.8AI Score
0.033EPSS
Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service via an empty UDP packet to the server, which cannot detect that....
7.6AI Score
0.049EPSS
Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service (crash from invalid memory access) via a malformed join packet.....
7.5AI Score
0.011EPSS