EUVD-2021-11046

Malware in sbrugna...

CVE-2024-6026

The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options and th...

CVE-2024-6408

The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

CVE-2024-8283

The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-10565

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-10566

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-10565

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-10566 Slider by 10Web < 1.2.62 - Contributor+ Stored XSS

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-10566 Slider by 10Web < 1.2.62 - Contributor+ Stored XSS

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-10566

CVE-2024-10566 affects Slider by 10Web (WordPress plugin) prior to version 1.2.62. The vulnerability arises from improper sanitization/escaping of certain plugin settings, enabling a stored XSS condition that could be triggered by high-privilege users (e.g., admins) even when unfiltered_html is d...

CVE-2024-10565 Slider by 10Web < 1.2.62 - Admin+ Stored XSS via Widget

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-10565 Slider by 10Web < 1.2.62 - Admin+ Stored XSS via Widget

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7150

The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.2.57 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query...

WordPress Slider by 10Web plugin < 1.2.59 - Admin+ Stored XSS vulnerability

Admin+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Slider by 10Web versions 1.2.59...

CVE-2024-8283 Slider by 10Web < 1.2.59 - Admin+ Stored XSS

The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2024-7150

The CVE-2024-7150 entry concerns Slider by 10Web – Responsive Image Slider for WordPress. Affected: all versions up to 1.2.57. Root cause: time-based SQL Injection due to insufficient escaping of the id parameter and lack of proper query preparation. Impact: authenticated attackers with Contribut...

WordPress Slider by 10Web Plugin <= 1.2.57 is vulnerable to SQL Injection

Software Slider by 10Web Type Plugin Vulnerable versions = 1.2.57 Fixed in 1.2.58 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-7150 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 4ad1a30beb69 Credits Arkadiusz Hydzik Required privilege Contributor...

WordPress plugin Slider by 10Web 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...

PT-2024-37602 · 10Web · The Slider By 10Web

Name of the Vulnerable Software and Affected Versions: The Slider by 10Web WordPress plugin versions prior to 1.2.57 Description: The issue allows high privilege users, such as editors and above, to perform Cross-Site Scripting attacks, even when unfiltered html is disallowed, due to the lack of...

WordPress Sliderby10Web plugin <= 1.2.54 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Slider by 10Web versions = 1.2.54...