Lucene search
K

312 matches found

Vulnrichment
Vulnrichment
added 2025/03/18 6:36 a.m.8 views

CVE-2025-2262 Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution

The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...

7.3CVSS7.6AI score0.00432EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/03/14 10:13 p.m.4 views

WordPress Thumbnail carousel slider plugin <= 1.0.4 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by Ala Arfaoui in WordPress Plugin Thumbnail carousel slider versions = 1.0.4...

4.9CVSS9.5AI score0.00414EPSS
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/03/07 9:49 a.m.5 views

CVE-2024-11731

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's msslider shortcode in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS7.4AI score0.00262EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/07 9:49 a.m.8 views

CVE-2024-13757

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mslayer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/03/07 9:46 a.m.6 views

CVE-2024-13809

The Hero Slider - WordPress Slider Plugin plugin for WordPress is vulnerable to SQL Injection via several parameters in all versions up to, and including, 1.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

6.5CVSS7.5AI score0.00321EPSS
Exploits0References1
OSV
OSV
added 2025/03/05 10:15 a.m.5 views

CVE-2024-13757

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mslayer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS7.4AI score0.00275EPSS
Exploits0References3
NVD
NVD
added 2025/03/05 10:15 a.m.7 views

CVE-2024-13757

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mslayer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00275EPSS
Exploits0References3
OSV
OSV
added 2025/03/05 10:15 a.m.3 views

CVE-2024-11731

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's msslider shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

5.4CVSS7.4AI score0.00262EPSS
Exploits0References3
NVD
NVD
added 2025/03/05 10:15 a.m.5 views

CVE-2024-11731

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's msslider shortcode in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00262EPSS
Exploits0References4
CVE
CVE
added 2025/03/05 9:21 a.m.58 views

CVE-2024-11731

The CVE-2024-11731 entry covers a Stored Cross-Site Scripting in WordPress Master Slider (ms_slider shortcode). Connected sources confirm the flaw affects Master Slider versions up to at least 3.10.7 (Wordfence/Patchstack entries) and is exploitable by an authenticated attacker with contributor-l...

6.4CVSS7.4AI score0.00262EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2025/03/05 9:21 a.m.47 views

CVE-2024-13809

CVE-2024-13809 pertains to Hero Slider - WordPress Slider Plugin (WordPress Hero Slider) ≤ 1.3.5, exposing an authenticated SQL Injection via multiple parameters. Reports indicate attacker with Subscriber+ privileges can append SQL to existing queries to exfiltrate data; patch status in sources i...

6.5CVSS7.5AI score0.00321EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/05 9:21 a.m.9 views

CVE-2024-13757 Master Slider – Responsive Touch Slider <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mslayer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS0.00275EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/03/05 9:21 a.m.7 views

CVE-2024-13757 Master Slider – Responsive Touch Slider <= 3.10.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mslayer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.9AI score0.00275EPSS
Exploits0References3
CVE
CVE
added 2025/03/05 9:21 a.m.59 views

CVE-2024-13757

CVE-2024-13757 : Master Slider – Responsive Touch Slider (WordPress) is affected up to version 3.10.6. The stored cross-site scripting vulnerability occurs in the ms_layer shortcode due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contribut...

6.4CVSS5.9AI score0.00275EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2025/03/04 11:0 p.m.2 views

WordPress Hero Slider plugin <= 1.3.5 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin Hero Slider versions = 1.3.5...

6.5CVSS8.1AI score0.00321EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/02/21 6:16 a.m.17 views

CVE-2024-12173

The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS5.6AI score0.00314EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/02/19 6:38 a.m.7 views

WordPress Master Slider plugin < 3.10.5 - Editor+ Stored XSS vulnerability

Editor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Master Slider versions 3.10.5...

3.5CVSS6.1AI score0.00314EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2025/02/19 6:15 a.m.36 views

CVE-2024-12173

The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.5CVSS0.00314EPSS
Exploits1References1
CVE
CVE
added 2025/02/04 7:21 a.m.49 views

CVE-2024-13514

CVE-2024-13514 concerns the WordPress plugin B Slider- Gutenberg Slider Block for WP. The CVE describes Information Exposure via the bsb-slider shortcode, enabling authenticated users with Contributor+ privileges to read private posts. Reported affected versions include up to 1.9.5 (per the CVE r...

4.3CVSS4.4AI score0.00334EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/24 5:24 p.m.15 views

CVE-2025-24682 WordPress Super Block Slider plugin <= 2.7.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Michael Super Block Slider super-block-slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Block Slider: from n/a through = 2.7.9...

4.3CVSS0.00389EPSS
Exploits0References1
Rows per page
Query Builder