CVE-2026-3331

The Lobot Slider Administrator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.0. This is due to missing or incorrect nonce validation on the fourtyslideroptionspage function. This makes it possible for unauthenticated attackers to modify...

CVE-2026-3331

The Lobot Slider Administrator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.0. This is due to missing or incorrect nonce validation on the fourtyslideroptionspage function. This makes it possible for unauthenticated attackers to modify...

CVE-2026-3331

The CVE-2026-3331 entry concerns the Lobot Slider Administrator plugin for WordPress. A CSRF flaw affects versions up to and including 0.6.0, caused by missing or incorrect nonce validation on the fourty_slider_options_page function. This allows unauthenticated attackers to modify plugin slider-p...

CVE-2025-13153

The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2025-6550

The The Pack Elementor addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slideroptions’ parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

WordPress plugin The Pack Elementor addon 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...