1230 matches found
WordPress Responsive Posts Carousel Pro plugin <= 15.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin Responsive Posts Carousel Pro versions = 15.2...
PT-2025-52748
Name of the Vulnerable Software and Affected Versions Responsive Posts Carousel Pro versions through 15.2 Description An issue exists in WebCodingPlace Responsive Posts Carousel Pro that allows for Stored Cross-site Scripting XSS. This occurs due to improper neutralization of input during web pag...
WordPress plugin Responsive Posts Carousel Pro 跨站脚本漏洞
...
CVE-2025-12388
The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. This is due to the plugin not validating user-supplied URLs before passing them to the wpremoterequest function. This makes it...
CVE-2025-12388
The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. This is due to the plugin not validating user-supplied URLs before passing them to the wpremoterequest function. This makes it...
CVE-2025-12388
The CVE-2025-12388 entry concerns the WordPress plugin “B Carousel Block – Responsive Image and Content Carousel” (versions up to and including 1.1.5). The connected sources corroborate a Server-Side Request Forgery (SSRF) vulnerability caused by failure to validate user-supplied URLs before pass...
CVE-2025-12388 B Carousel Block – Responsive Image and Content Carousel <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery
The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. This is due to the plugin not validating user-supplied URLs before passing them to the wpremoterequest function. This makes it...
CVE-2025-12388 B Carousel Block – Responsive Image and Content Carousel <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery
The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.1.5. This is due to the plugin not validating user-supplied URLs before passing them to the wpremoterequest function. This makes it...
WordPress B Carousel Block plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Server-Side Request Forgery vulnerability
Missing Authorization to Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by Sushi Com Abacate in WordPress Plugin B Carousel Block versions = 1.1.5...
WordPress plugin B Carousel Block – Responsive Image and Content Carousel 代码问题漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin B...
PT-2025-45090
Name of the Vulnerable Software and Affected Versions B Carousel Block – Responsive Image and Content Carousel versions up to and including 1.1.5 Description The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is susceptible to Server-Side Request Forgery. The issue...
MAL-2025-49180 Malicious code in epic-react-carousel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dda6f7b41ec3fd32c4f9caa1846773d83aeef02ec9f72babd312048351b6211c The package epic-react-carousel was found to contain malicious code...
Malicious code in epic-react-carousel (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector dda6f7b41ec3fd32c4f9caa1846773d83aeef02ec9f72babd312048351b6211c The package epic-react-carousel was found to contain malicious code...
EUVD-2025-37113
Malicious code in epic-react-carousel npm...
Linux Distros Unpatched Vulnerability : CVE-2025-11717
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When switching between Android apps using the card carousel Firefox shows a black screen as its card image when a password-related screen was the last one being...
CVE-2025-8666
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions less than, or equal to, 11.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress plugin Testimonial Carousel For Elementor 安全漏洞
WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2025-8666
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions less than, or equal to, 11.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2025-8666
CVE-2025-8666 concerns the WordPress plugin Testimonial Carousel For Elementor (versions ≤ 11.6.2). The stored XSS vulnerability arises from insufficient input sanitization and output escaping across multiple parameters, enabling an attacker with Contributor-level access or higher to inject scrip...
CVE-2025-8666 Testimonial Carousel For Elementor <= 11.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions less than, or equal to, 11.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...