Lucene search
K

1231 matches found

OSV
OSV
added 2025/06/03 6:15 a.m.6 views

CVE-2025-4567

The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform...

4.8CVSS5.8AI score0.0021EPSS
Exploits1References1
CVE
CVE
added 2025/06/03 6:0 a.m.55 views

CVE-2025-4567

CVE-2025-4567 : The WordPress plugin Post Slider and Post Carousel with Widget – A Responsive Post Slider (Post Vertical Scrolling Widget) pre-3.2.10 does not validate/escape certain widget options before output, enabling Stored XSS for users with contributor+ privileges. Affected: Post Slider an...

4.8CVSS5.9AI score0.0021EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/06/03 12:0 a.m.6 views

WordPress plugin Post Slider and Post Carousel with Post Vertical Scrolling Widget 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the WordPre...

4.8CVSS5.8AI score0.0021EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/31 3:56 p.m.4 views

Malicious code in @seo-frontend-components/card-blog-carousel (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1cfcc9a2754a9e96e7bfd7f7c78281a5016b48feeaa8c61f782bcab5dbe4ae8e The OpenSSF Package Analysis project identified '@seo-frontend-components/card-blog-carousel' @ 1.999.0 npm as malicious. It is considered...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/05/31 3:32 p.m.5 views

Malicious code in @seo-frontend-components/card-blog-carousel-mobile (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 1eaa599a9c0235a5d52b5534f4177883c03e7ae19496ef98593fadfc3a7ccef8 The OpenSSF Package Analysis project identified '@seo-frontend-components/card-blog-carousel-mobile' @ 1.999.2 npm as malicious. It is considere...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 11:59 a.m.8 views

CVE-2025-24681

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce woo-product-carousel-slider-and-grid-ultimate allows Stored XSS.This issue affects Product Carousel Slider & Grid Ultimate for...

5.9CVSS7.2AI score0.00341EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:57 a.m.6 views

CVE-2025-0350

The Divi Carousel Maker – Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on us...

6.4CVSS5.8AI score0.00338EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 11:42 a.m.6 views

CVE-2025-22724

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in MojofyWP Product Carousel For WooCommerce – WoorouSell allows Stored XSS.This issue affects Product Carousel For WooCommerce – WoorouSell: from n/a through 1.1.0...

6.5CVSS6.7AI score0.00304EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:33 a.m.14 views

CVE-2024-6850

The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS6AI score0.00325EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:18 a.m.10 views

CVE-2024-45270

WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the...

4.3CVSS6.5AI score0.00215EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 9:23 a.m.5 views

CVE-2024-3675

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Flip Carousel, Flip Box, Post Grid, and Taxonomy List widgets in all versions up to, and including, 1.3.971 due to insufficient input sanitization and output escaping on use...

6.4CVSS6AI score0.00594EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:14 a.m.5 views

CVE-2024-30520

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Labib Ahmed Carousel Anything For WPBakery Page Builder allows Stored XSS.This issue affects Carousel Anything For WPBakery Page Builder: from n/a through 2.1...

6.5CVSS8.6AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:9 a.m.7 views

CVE-2024-5086

The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient input...

6.4CVSS6AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:0 a.m.5 views

CVE-2024-47631

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in bPlugins Logo Carousel – Clients logo carousel for WP responsive-client-logo-carousel-slider allows Stored XSS.This issue affects Logo Carousel – Clients logo carousel for WP: from n/a through = 1....

6.5CVSS5.9AI score0.00231EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:56 a.m.16 views

CVE-2024-29925

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS.This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6...

6.5CVSS8.6AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:55 a.m.9 views

CVE-2024-4372

The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks...

5.4CVSS6.1AI score0.00399EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:39 a.m.7 views

CVE-2024-32783

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through 3.0.0...

4.3CVSS6.9AI score0.00277EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:23 a.m.10 views

CVE-2024-1712

The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.7CVSS5.6AI score0.00484EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:17 a.m.23 views

CVE-2024-35713

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through 10.1.1...

6.5CVSS6.8AI score0.00237EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:6 a.m.10 views

CVE-2024-45269

WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the...

4.3CVSS6.4AI score0.00256EPSS
Exploits0References1
Rows per page
Query Builder