Lucene search
K

1230 matches found

CNNVD
CNNVD
added 2025/06/26 12:0 a.m.3 views

WordPress plugin Owl carousel responsive SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection...

8.8CVSS7.5AI score0.00332EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/06/26 12:0 a.m.5 views

PT-2025-26919 · WordPress · Owl Carousel

Name of the Vulnerable Software and Affected Versions: Owl carousel responsive plugin for WordPress versions up to, and including, 1.9 Description: The issue is related to time-based SQL Injection via the id parameter due to insufficient escaping on the user-supplied parameter and lack of...

8.8CVSS7.3AI score0.00332EPSS
Exploits0References8
Patchstack
Patchstack
added 2025/06/25 11:54 p.m.12 views

WordPress Owl carousel responsive plugin <= 1.9 - Authenticated (Contributor+) SQL Injection via id Parameter vulnerability

Authenticated Contributor+ SQL Injection via id Parameter vulnerability discovered by Peter Thaleikis in WordPress Plugin Owl carousel responsive versions = 1.9...

8.8CVSS7.8AI score0.00332EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2025/06/17 12:15 p.m.4 views

CVE-2025-5700

The Simple Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

6.4CVSS5.9AI score
Exploits0References5
NVD
NVD
added 2025/06/17 12:15 p.m.11 views

CVE-2025-5700

The Simple Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

6.4CVSS0.00225EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/06/17 11:23 a.m.15 views

CVE-2025-5700 Simple Logo Carousel <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The Simple Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

6.4CVSS0.00225EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2025/06/17 11:23 a.m.2 views

CVE-2025-5700 Simple Logo Carousel <= 1.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter

The Simple Logo Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level acce...

6.4CVSS5.7AI score0.00225EPSS
Exploits0References5
CVE
CVE
added 2025/06/17 11:23 a.m.44 views

CVE-2025-5700

The CVE-2025-5700 entry concerns the WordPress plugin Simple Logo Carousel (versions up to 1.9.3). The issue is a Stored Cross-Site Scripting (XSS) vulnerability in the id parameter caused by insufficient input sanitization and output escaping. The vulnerability can be triggered by an attacker wh...

6.4CVSS5.7AI score0.00225EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.3 views

PT-2025-25646 · WordPress · Simple Logo Carousel

Name of the Vulnerable Software and Affected Versions: The Simple Logo Carousel plugin for WordPress versions up to, and including, 1.9.3 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attacker...

6.4CVSS5.6AI score0.00225EPSS
Exploits0References9
CNNVD
CNNVD
added 2025/06/17 12:0 a.m.2 views

WordPress plugin Simple Logo Carousel 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

6.4CVSS5.7AI score0.00225EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/06/08 11:58 a.m.5 views

CVE-2025-39358

Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through = 1.3.12...

8.8CVSS5.9AI score0.00372EPSS
Exploits0References1
NVD
NVD
added 2025/06/06 12:15 p.m.6 views

CVE-2025-39358

Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through = 1.3.12...

8.8CVSS0.00372EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/06 11:47 a.m.3 views

CVE-2025-39358 WordPress WP Posts Carousel <= 1.3.12 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through = 1.3.12...

8.8CVSS5.2AI score0.00372EPSS
Exploits0References1
CVE
CVE
added 2025/06/06 11:47 a.m.36 views

CVE-2025-39358

CVE-2025-39358 affects WordPress plugin WP Posts Carousel (versions up to and including 1.3.12). The vulnerability is Deserialization of Untrusted Data leading to PHP Object Injection, reported for authenticated contexts (Contributor+). Patchstack and CVE records indicate the issue is fixed in ve...

8.8CVSS5.9AI score0.00372EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/06 11:47 a.m.14 views

CVE-2025-39358 WordPress WP Posts Carousel <= 1.3.12 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in teastudio.pl WP Posts Carousel wp-posts-carousel allows Object Injection.This issue affects WP Posts Carousel: from n/a through = 1.3.12...

8.8CVSS0.00372EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/06 12:0 a.m.4 views

PT-2025-24078 · WordPress · Wp Posts Carousel

Name of the Vulnerable Software and Affected Versions: WP Posts Carousel versions 1.3.12 and earlier Description: The issue is related to Deserialization of Untrusted Data, which allows Object Injection in WP Posts Carousel. Recommendations: For WP Posts Carousel versions 1.3.12 and earlier, upda...

8.8CVSS8.5AI score0.00372EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/06/06 12:0 a.m.3 views

WordPress plugin WP Posts Carousel 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

8.8CVSS8.2AI score0.00372EPSS
Exploits0References1
Ubuntu
Ubuntu
added 2025/06/05 4:47 a.m.6 views

USN-7556-1: Bootstrap vulnerabilities

It was discovered that Bootstrap did not correctly sanitize certain input in the carousel component. An attacker could possibly use this issue to execute a cross-site scripting XSS attack. CVE-2024-6484, CVE-2024-6531 It was discovered that Bootstrap did not correctly sanitize certain input in th...

6.4CVSS6.9AI score0.00494EPSS
Exploits0
OSV
OSV
added 2025/06/05 4:47 a.m.5 views

USN-7556-1 twitter-bootstrap3, twitter-bootstrap4 vulnerabilities

It was discovered that Bootstrap did not correctly sanitize certain input in the carousel component. An attacker could possibly use this issue to execute a cross-site scripting XSS attack. CVE-2024-6484, CVE-2024-6531 It was discovered that Bootstrap did not correctly sanitize certain input in th...

6.4CVSS6.8AI score0.00494EPSS
Exploits0References4
OSV
OSV
added 2025/06/03 6:15 a.m.4 views

CVE-2025-4567

The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform...

4.8CVSS5.8AI score0.0021EPSS
Exploits1References1
Rows per page
Query Builder