CVE-2026-7636

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the mapmetacap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extra...

EUVD-2026-31416

The Slider by Soliloquy – Responsive Image Slider for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.8.1 via the mapmetacap. This makes it possible for authenticated attackers, with subscriber-level access and above, to extra...

CVE-2025-47666

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Image FullScreen Background lbgfullscreenfullwidthslider allows Reflected XSS.This issue affects Image FullScreen Background: from n/a through = 1.6.7...

PT-2026-4082

Name of the Vulnerable Software and Affected Versions averta Depicter Slider versions through 4.0.4 Description An issue exists in averta Depicter Slider where incorrectly configured access control security levels can be exploited, leading to a missing authorization condition. Recommendations...

@oku-ui/primitives (>=0.4.0 <=0.6.1) potentially affected by unknown CVE via @oku-ui/slider (=0.6.1)

@oku-ui/slider NPM version =0.6.1 is affected by a known vulnerability. The following packages have a transitive dependency on @oku-ui/slider and may be impacted: - @oku-ui/primitives =0.4.0, =0.6.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-191274...

PT-2025-43596

Name of the Vulnerable Software and Affected Versions Multi Item Responsive Slider plugin for WordPress versions prior to 1.1 Description The software is susceptible to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the mioptions.php page. This allows...

EUVD-2025-2965

Malicious code in bioql PyPI...

EUVD-2024-28353

Malicious code in bioql PyPI...

EUVD-2024-17458

Malicious code in bioql PyPI...

EUVD-2025-32246

The AP Background plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.2. This is due to missing or incorrect nonce validation on the advParallaxBackAdminSaveSlider function. This makes it possible for unauthenticated attackers to create or...

CVE-2025-8690 Simple Responsive Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Simple Responsive Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inje...

@toptal/picasso (>=48.1.18 <=54.1.4-alpha-CPS-2606-migrate-to-tailwind-4-fe1684b09.0) potentially affected by unknown CVE via @toptal/picasso-slider (>=4.0.0 <=4.0.7-alpha-ff-7-763b46173.0)

@toptal/picasso-slider NPM version =4.0.0, =48.1.18, =54.1.4-alpha-CPS-2606-migrate-to-tailwind-4-fe1684b09.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-6063...

@admin-layout/gluestack-ui-mobile (>=6.5.1-alpha.0 <=12.2.4-alpha.49), @aemforms/af-react-native (>=1.0.1 <=1.0.31) +188 more potentially affected by unknown CVE via @react-native-aria/slider (=0.2.12)

@react-native-aria/slider NPM version =0.2.12 is affected by a known vulnerability. The following packages have a transitive dependency on @react-native-aria/slider and may be impacted: - @admin-layout/gluestack-ui-mobile =6.5.1-alpha.0, =1.0.1, =0.0.3, =0.1.21, =1.0.0, =0.1.0-alpha2, =1.2.0,...

CVE-2024-3027

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to uploa...

CVE-2024-1858

The Lightbox slider – Responsive Lightbox Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.9 via deserialization of untrusted input through post meta data. This makes it possible for authenticated attackers, with contributor-level access...

CVE-2023-6493

The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for...

CVE-2025-47481

Improper Control of Generation of Code 'Code Injection' vulnerability in GS Plugins GS Testimonial Slider gs-testimonial allows Code Injection.This issue affects GS Testimonial Slider: from n/a through = 3.2.9...

WordPress plugin Smart Product Gallery Slider 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2025-30889 WordPress Testimonial Slider plugin <= 2.0.13 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider testimonial allows Object Injection.This issue affects Testimonial Slider: from n/a through = 2.0.13...

CVE-2025-31588 WordPress Elfsight Testimonials Slider plugin <= 1.0.1 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in elfsight Elfsight Testimonials Slider allows Cross Site Request Forgery. This issue affects Elfsight Testimonials Slider: from n/a through 1.0.1...