63 matches found
CVE-2024-24801 WordPress OWL Carousel Plugin <= 1.4.0 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS.This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0...
WordPress Plugin CPT Bootstrap Carousel Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2023-32070 · WordPress · Carousel
Name of the Vulnerable Software and Affected Versions: The Carousel, Recent Post Slider and Banner Slider plugin for WordPress versions up to, and including, 2.0 Description: The issue is related to Stored Cross-Site Scripting via the spice post slider shortcode due to insufficient input...
CVE-2023-44229
CVE-2023-44229 concerns the Tiny Carousel Horizontal Slider WordPress plugin. The vulnerability is an authenticated (admin+) Stored Cross-Site Scripting (XSS) flaw in versions
CVE-2023-23829
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pierre JEHAN Owl Carousel plugin = 0.5.3 versions...
CVE-2023-23829
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pierre JEHAN Owl Carousel plugin = 0.5.3 versions...
CVE-2023-23829
CVE-2023-23829 affects the Owl Carousel WordPress plugin versions ≤ 0.5.3. It is a Stored Cross-Site Scripting (XSS) vulnerability that requires Admin+ privileges. Patch status indicates the flaw is Unpatched; the recommended remediation is to update to a version higher than 0.5.3 (if available)....
CVE-2023-28776
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin = 1.0.15 versions...
CVE-2023-23808
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Sergey Panasenko Sponsors Carousel plugin = 4.02 versions...
CVE-2023-23808
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Sergey Panasenko Sponsors Carousel plugin = 4.02 versions...
CVE-2023-23808
CVE-2023-23808 affects the WordPress Sponsors Carousel plugin for versions prior to or equal to 4.02. The issue is an Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in the Sponsors Carousel plugin, with the root cause described as stored XSS. The available sources indicate...
CVE-2023-28792
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin = 1.0.15 versions...
WordPress plugin CPT Bootstrap Carousel 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-16011 · WordPress · Post Grid
Name of the Vulnerable Software and Affected Versions: The Post Grid, Post Carousel, & List Category Posts WordPress plugin versions prior to 2.4.19 Description: The issue concerns a lack of validation and escaping of certain block options in the plugin, which could allow users with the contribut...
PT-2023-14557 · WordPress · Carousel
Name of the Vulnerable Software and Affected Versions: The Carousel, Slider, Gallery by WP Carousel WordPress plugin versions prior to 2.5.3 Description: The issue allows users with a role as low as contributor to perform Stored Cross-Site Scripting attacks, which could be used against high...
@basket/get (>=1.1.0 <=1.2.2), @bitovi/incremental (>=1.0.0 <=1.0.2) +50 more potentially affected by CVE-2022-37257 via steal (>=0.12.9 <=2.3.0)
steal NPM version =0.12.9, =1.1.0, =1.0.0, =1.0.0, =0.0.0, =0.1.0, =0.1.0, =0.0.1, =0.0.1-0, =0.3.0, =1.0.0, =0.4.0, =0.7.3 and more Source cves: CVE-2022-37257 Source advisory: OSV:GHSA-93Q5-3XPC-8VG3...
WordPress plugin Carousel CK 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Carousel CK plugin 1.1.0 and earlier versions have a cross-site scripting vulnerability tha...
CVE-2021-24738
The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2021-24739
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...
WordPress 插件授权问题漏洞
WordPress is the Wordpress Foundation's set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress Logo Carousel plugin is vulnerable to authorization issues in versions prior to 3.4.2. The...