94 matches found
CVE-2022-2823
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow...
Cross site scripting
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow...
CVE-2022-2823
CVE-2022-2823 documents a stored XSS in the WordPress plugin “MetaSlider” (Slider, Gallery, and Carousel) prior to version 3.27.9. The root cause is inadequate sanitization/escaping of certain Gallery Image parameters, which permits high-privilege users (e.g., admins) to inject scripts even when ...
PT-2022-18891 · WordPress · Metaslider
Name of the Vulnerable Software and Affected Versions: The Slider, Gallery, and Carousel by MetaSlider WordPress plugin versions prior to 3.27.9 Description: The issue concerns the lack of sanitization and escaping of certain Gallery Image parameters, which could allow high-privilege users, such ...
CVE-2022-2823 Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow...
Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting
The plugin does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Add an image to a Gallery via...
Slider, Gallery, and Carousel by MetaSlider < 3.27.9 - Admin+ Stored Cross Site Scripting
The plugin does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: Add an image to a Gallery via...
WordPress Slider, Gallery, and Carousel by MetaSlider plugin <= 3.27.8 - Auth. Stored Cross-Site Scripting (XSS) vulnerability
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Anurag Bhoir in WordPress Slider, Gallery, and Carousel by MetaSlider plugin (versions <= 3.27.8). Solution: Update the WordPress Responsive Slider by MetaSlider plugin to the latest available version (at least 3.27.9)...
WordPress Responsive Slider by MetaSlider plugin <= 3.17.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Vishnupriya Ilango (Fortinet FortiGuard Labs) in WordPress Responsive Slider by MetaSlider plugin (versions <= 3.17.1). Solution: Update the WordPress Responsive Slider by MetaSlider plugin to the latest available version at least...
MetaSlider < 3.17.2 - Authenticated Stored Cross-Site Scripting (XSS)
Vishnupriya Ilango, from Fortinet's FortiGuard Lab, discovered a stored Cross-Site Scripting (XSS) vulnerability in Metaslider plugin v3.17.1, which exists in the Image caption or description parameter in the slide creation module...
Meta Slider 2.1.6 - Multiple Full Path Disclosure
The Responsive Slider by MetaSlider – Slider and Carousel Plugin for WordPress WordPress plugin was affected by a Multiple Full Path Disclosure security vulnerability...
Meta Slider <= 2.5 - Cross-Site Scripting (XSS)
The Responsive Slider by MetaSlider – Slider and Carousel Plugin for WordPress WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability...