Lucene search

Master Slider Security Vulnerabilities

cve

CVE-2018-20368

The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback.

5.4CVSS

5.2AI Score

0.001EPSS

2022-10-03 04:22 PM

cve

CVE-2023-47506

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injection.This issue affects Master Slider Pro: from n/a through 3.6.5.

8.8CVSS

9AI Score

0.001EPSS

2023-12-18 11:15 PM

cve

CVE-2023-47508

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta Master Slider Pro plugin <= 3.6.5 versions.

7.1CVSS

6AI Score

0.0005EPSS

2023-11-16 07:15 PM

cve

CVE-2023-50900

Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.10.

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-19 10:15 AM

cve

CVE-2024-0611

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.5. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scri...

4.4CVSS

4.5AI Score

0.0004EPSS

2024-03-02 12:16 PM

cve

CVE-2024-1449

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slide shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-03-02 12:16 PM