1230 matches found
CVE-2024-28725
Cross Site Scripting XSS vulnerability in YzmCMS 7.0 allows attackers to run arbitrary code via Ads Management, Carousel Management, and System Settings...
CVE-2024-24801
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS.This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0...
CVE-2024-44048
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce woo-product-carousel-slider-and-grid-ultimate.This issue affects Product Carousel Slider & Grid Ultimate for...
CVE-2024-4858
The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'savetestimonialsoptioncallback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to updat...
CVE-2024-53756
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Aftab Husain Vertical Carousel vertical-carousel-slider allows Stored XSS.This issue affects Vertical Carousel: from n/a through = 1.0.2...
CVE-2024-53749
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Plugin Devs Post Carousel Slider for Elementor post-carousel-slider-for-elementor allows Stored XSS.This issue affects Post Carousel Slider for Elementor: from n/a through = 1.5.0...
CVE-2024-2949
The Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel widget in all versions up to, and including, 2.6.3 due to...
CVE-2024-51821
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wordpresteem WE – Client Logo Carousel we-client-logo-carousel allows Stored XSS.This issue affects WE – Client Logo Carousel: from n/a through = 1.4...
CVE-2024-51842
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sazzad Image Carousel Shortcode image-carousel-shortcode allows DOM-Based XSS.This issue affects Image Carousel Shortcode: from n/a through = 1.2...
CVE-2023-28792
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin = 1.0.15 versions...
CVE-2023-28776
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin = 1.0.15 versions...
CVE-2023-0097
The Post Grid, Post Carousel, & List Category Posts WordPress plugin before 2.4.19 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-52196
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Phil Ewels CPT Bootstrap Carousel allows Reflected XSS.This issue affects CPT Bootstrap Carousel: from n/a through 1.12...
CVE-2023-23808
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Sergey Panasenko Sponsors Carousel plugin = 4.02 versions...
CVE-2023-32797
Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin = 1.0.22 versions...
CVE-2023-23829
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Pierre JEHAN Owl Carousel plugin = 0.5.3 versions...
CVE-2023-24418
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin = 3.2 versions...
CVE-2023-2710
The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...
CVE-2023-28499
Auth. author+ Stored Cross-Site Scripting XSS vulnerability in simonpedge Slide Anything – Responsive Content / HTML Slider and Carousel plugin = 2.4.9 versions...
CVE-2023-2120
The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...