Lucene search
K

1231 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 3:9 a.m.5 views

CVE-2023-2120

The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.9AI score0.00609EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:2 a.m.6 views

CVE-2023-1915

The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin...

6.1CVSS7.5AI score0.00477EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:56 a.m.3 views

CVE-2023-0589

The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...

5.4CVSS5.7AI score0.00444EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:53 a.m.4 views

CVE-2023-0073

The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS4.4AI score0.00471EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:45 a.m.7 views

CVE-2023-0280

The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.5AI score0.00444EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:42 a.m.6 views

CVE-2023-41848

Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carousel Slider: from n/a through 2.2.2...

5.3CVSS8.5AI score0.00457EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:19 a.m.6 views

CVE-2023-38910

CSZ CMS 1.3.0 is vulnerable to cross-site scripting XSS, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered in the 'Carousel Wiget' section and choosing our carousel widget created above, in 'Photo URL' and 'YouTube URL' plugin...

6.1CVSS6.3AI score0.00436EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:18 a.m.6 views

CVE-2023-51530

Cross-Site Request Forgery CSRF vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through 3.5.1...

8.8CVSS6.3AI score0.00241EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:29 a.m.9 views

CVE-2022-4834

The CPT Bootstrap Carousel WordPress plugin through 1.12 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.9AI score0.00534EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 12:19 a.m.10 views

CVE-2022-4600

A vulnerability was found in Shoplazza LifeStyle 1.1. It has been classified as problematic. This affects an unknown part of the file /admin/api/theme-edit/ of the component Product Carousel Handler. The manipulation of the argument Heading/Description leads to cross site scripting. It is possibl...

5.4CVSS6.2AI score0.00503EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:45 p.m.6 views

CVE-2022-44578

Missing Authorization vulnerability in Pierre JEHAN Owl Carousel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Owl Carousel: from n/a through 0.5.3...

5.3CVSS8.6AI score0.00513EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.8 views

CVE-2021-24374

The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhgvcs that allowed the comments of non-published...

5.3CVSS6.8AI score0.01494EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:23 p.m.8 views

CVE-2021-24739

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature...

8.1CVSS6.8AI score0.01006EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:21 p.m.9 views

CVE-2018-14573

A Local File Inclusion LFI vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary files through the use of directory traversal sequences, aka CSL-1683...

5.5CVSS7.1AI score0.06394EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:11 p.m.7 views

CVE-2018-18930

The Tightrope Media Carousel digital signage product 7.0.4.104 contains an arbitrary file upload vulnerability in the Manage Bulletins/Upload feature, which can be leveraged to gain remote code execution. An authenticated attacker can upload a crafted ZIP file based on an exported backup of...

8.8CVSS8AI score0.0275EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:7 a.m.4 views

CVE-2015-9434

The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?posttype=kwlogos=kwlogossettings tab or tabflagsorder parameter...

6.5CVSS6.1AI score0.00867EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:28 a.m.7 views

CVE-2018-18929

The Tightrope Media Carousel Seneca HDn Windows-based appliance 7.0.4.104 is shipped with a default local administrator username and password. This can be found by a limited user account in an "unattend.xml" file left over on the C: drive from the Sysprep process. An attacker with this username a...

8.8CVSS7.1AI score0.01114EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/18 4:2 p.m.10 views

CVE-2025-31928

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Multimedia Responsive Carousel with Image Video Audio Support multimedia-carousel allows SQL Injection.This issue affects Multimedia Responsive Carousel with Image Video Audio Support:...

8.5CVSS7.3AI score0.00267EPSS
Exploits0References1
NVD
NVD
added 2025/05/16 4:15 p.m.20 views

CVE-2025-31928

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Multimedia Responsive Carousel with Image Video Audio Support multimedia-carousel allows SQL Injection.This issue affects Multimedia Responsive Carousel with Image Video Audio Support:...

8.5CVSS0.00267EPSS
Exploits0References1
NVD
NVD
added 2025/05/16 4:15 p.m.5 views

CVE-2025-31640

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magic-carousel allows SQL Injection.This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through 1.6...

8.5CVSS0.00351EPSS
Exploits0References1
Rows per page
Query Builder