312 matches found
CVE-2025-2262 Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution
The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...
WordPress Thumbnail carousel slider plugin <= 1.0.4 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated Admin+ SQL Injection vulnerability discovered by Ala Arfaoui in WordPress Plugin Thumbnail carousel slider versions = 1.0.4...
CVE-2024-11731
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's msslider shortcode in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-13757
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mslayer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-13809
The Hero Slider - WordPress Slider Plugin plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2024-13757
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mslayer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-13757
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mslayer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-11731
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's msslider shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-11731
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's msslider shortcode in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-11731
The CVE-2024-11731 entry covers a Stored Cross-Site Scripting in WordPress Master Slider (ms_slider shortcode). Connected sources confirm the flaw affects Master Slider versions up to at least 3.10.7 (Wordfence/Patchstack entries) and is exploitable by an authenticated attacker with contributor-l...
CVE-2024-13809
CVE-2024-13809 pertains to Hero Slider - WordPress Slider Plugin (WordPress Hero Slider) ≤ 1.3.5, exposing an authenticated SQL Injection via multiple parameters. Reports indicate attacker with Subscriber+ privileges can append SQL to existing queries to exfiltrate data; patch status in sources i...
CVE-2024-13757 Master Slider – Responsive Touch Slider <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mslayer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-13757 Master Slider – Responsive Touch Slider <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mslayer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2024-13757
CVE-2024-13757 : Master Slider – Responsive Touch Slider (WordPress) is affected up to version 3.10.6. The stored cross-site scripting vulnerability occurs in the ms_layer shortcode due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contribut...
WordPress Hero Slider plugin <= 1.3.5 - Authenticated (Subscriber+) SQL Injection vulnerability
Authenticated Subscriber+ SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin Hero Slider versions = 1.3.5...
CVE-2024-12173
The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Master Slider plugin < 3.10.5 - Editor+ Stored XSS vulnerability
Editor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Master Slider versions 3.10.5...
CVE-2024-12173
The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-13514
CVE-2024-13514 concerns the WordPress plugin B Slider- Gutenberg Slider Block for WP. The CVE describes Information Exposure via the bsb-slider shortcode, enabling authenticated users with Contributor+ privileges to read private posts. Reported affected versions include up to 1.9.5 (per the CVE r...
CVE-2025-24682 WordPress Super Block Slider plugin <= 2.7.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Michael Super Block Slider super-block-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Block Slider: from n/a through = 2.7.9...