1230 matches found
WordPress plugin Owl carousel responsive SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...
PT-2025-26919 · WordPress · Owl Carousel
Name of the Vulnerable Software and Affected Versions: Owl carousel responsive plugin for WordPress versions up to, and including, 1.9 Description: The issue is related to time-based SQL Injection via the id parameter due to insufficient escaping on the user-supplied parameter and lack of...
WordPress Owl carousel responsive plugin <= 1.9 - Authenticated (Contributor+) SQL Injection via id Parameter vulnerability
Authenticated Contributor+ SQL Injection via id Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Owl carousel responsive versions = 1.9...
CVE-2025-5700
The Simple Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...
CVE-2025-5700
The Simple Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...
CVE-2025-5700 Simple Logo Carousel <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
The Simple Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...
CVE-2025-5700 Simple Logo Carousel <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter
The Simple Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...
CVE-2025-5700
The CVE-2025-5700 entry concerns the WordPress plugin Simple Logo Carousel (versions up to 1.9.3). The issue is a Stored Cross-Site Scripting (XSS) vulnerability in the id parameter caused by insufficient input sanitization and output escaping. The vulnerability can be triggered by an attacker wh...
PT-2025-25646 · WordPress · Simple Logo Carousel
Name of the Vulnerable Software and Affected Versions: The Simple Logo Carousel plugin for WordPress versions up to, and including, 1.9.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attacker...
WordPress plugin Simple Logo Carousel 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2025-39358
Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through = 1.3.12...
CVE-2025-39358
Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through = 1.3.12...
CVE-2025-39358 WordPress WP Posts Carousel <= 1.3.12 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through = 1.3.12...
CVE-2025-39358
CVE-2025-39358 affects WordPress plugin WP Posts Carousel (versions up to and including 1.3.12). The vulnerability is Deserialization of Untrusted Data leading to PHP Object Injection, reported for authenticated contexts (Contributor+). Patchstack and CVE records indicate the issue is fixed in ve...
CVE-2025-39358 WordPress WP Posts Carousel <= 1.3.12 - PHP Object Injection Vulnerability
Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through = 1.3.12...
PT-2025-24078 · WordPress · Wp Posts Carousel
Name of the Vulnerable Software and Affected Versions: WP Posts Carousel versions 1.3.12 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection in WP Posts Carousel. Recommendations: For WP Posts Carousel versions 1.3.12 and earlier, upda...
WordPress plugin WP Posts Carousel 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...
USN-7556-1: Bootstrap vulnerabilities
It was discovered that Bootstrap did not correctly sanitize certain input in the carousel component. An attacker could possibly use this issue to execute a cross-site scripting XSS attack. CVE-2024-6484, CVE-2024-6531 It was discovered that Bootstrap did not correctly sanitize certain input in th...
USN-7556-1 twitter-bootstrap3, twitter-bootstrap4 vulnerabilities
It was discovered that Bootstrap did not correctly sanitize certain input in the carousel component. An attacker could possibly use this issue to execute a cross-site scripting XSS attack. CVE-2024-6484, CVE-2024-6531 It was discovered that Bootstrap did not correctly sanitize certain input in th...
CVE-2025-4567
The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform...