Lucene search
K

311 matches found

Vulnrichment
Vulnrichment
added 2025/08/15 2:24 a.m.2 views

CVE-2025-8680 B Slider - Gutenberg Slider Block for WP <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Server-Side Request Forgery in version less than, or equal to, 2.0.0 via the fsapirequest function. This makes it possible for authenticated attackers, with subscriber-level access and above to make web requests to...

4.3CVSS6.8AI score0.00326EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/08/15 12:0 a.m.6 views

WordPress plugin B Slider 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. The WordPress B Slider plugin suffers from a server-side request forgery vulnerability that stems from the fsapirequest function not implementing an adequate validation mechanis...

4.3CVSS6.8AI score0.00326EPSS
Exploits0References5
Patchstack
Patchstack
added 2025/08/14 11:0 p.m.7 views

WordPress B Slider - Gutenberg Slider Block for WP plugin <= 2.0.0 - Authenticated (Subscriber+) Server-Side Request Forgery vulnerability

WordPress B Slider - Gutenberg Slider Block for WP plugin = 2.0.0 - Authenticated Subscriber+ Server-Side Request Forgery vulnerability discovered by wesley wcraft in WordPress Plugin B Slider versions = 2.0.0...

4.3CVSS6.8AI score0.00326EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/08/14 10:53 p.m.9 views

WordPress B Slider - Gutenberg Slider Block for WP plugin <= 2.0.0 - Authenticated (Subscriber+) Sensitive Information Exposure vulnerability

WordPress B Slider - Gutenberg Slider Block for WP plugin = 2.0.0 - Authenticated Subscriber+ Sensitive Information Exposure vulnerability discovered by wesley wcraft in WordPress Plugin B Slider versions = 2.0.0...

4.3CVSS6.7AI score0.00326EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/08/12 7:15 a.m.3 views

CVE-2025-8418

The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Arbitrary Plugin Installation in all versions up to, and including, 1.1.30. This is due to missing capability checks on the activatedplugin function. This makes it possible for authenticated attackers, with...

8.8CVSS0.00548EPSS
Exploits0References3
OSV
OSV
added 2025/06/17 12:15 p.m.3 views

CVE-2025-5291

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mastersliderpb and msslide shortcodes in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping on user supplied attributes...

5.4CVSS6AI score0.00218EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 10:33 a.m.14 views

CVE-2024-6850

The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed...

4.8CVSS6AI score0.00325EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 10:7 a.m.10 views

CVE-2024-7716

The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00332EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:58 a.m.8 views

CVE-2024-1506

The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletags' attribute of the Fiestar widget in all versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS5.8AI score0.00343EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:25 a.m.4 views

CVE-2024-4390

The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/functio...

6.5CVSS5.9AI score0.00514EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:52 a.m.6 views

CVE-2024-11878

The Category Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'category-post-slider' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:24 a.m.12 views

CVE-2024-0611

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web...

4.8CVSS6.7AI score0.00656EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:9 a.m.9 views

CVE-2024-13116

The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

3.8CVSS5.7AI score0.00331EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:45 a.m.11 views

CVE-2024-10473

The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks...

5.4CVSS6AI score0.0037EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:28 a.m.7 views

CVE-2024-11108

The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.3AI score0.00315EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:26 a.m.5 views

CVE-2024-3288

The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.00295EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:47 a.m.7 views

CVE-2023-23647

Auth. author+ Stored Cross-Site Scripting XSS vulnerability in Sk. Abul Hasan Team Member – Team with Slider plugin = 4.4 versions...

5.9CVSS5.6AI score0.00367EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:37 a.m.11 views

CVE-2023-44229

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Tiny Carousel Horizontal Slider plugin = 8.1 versions...

5.9CVSS5.6AI score0.00335EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 4:33 a.m.10 views

CVE-2023-6077

The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated users, such as subscriber to access the content arbitrary post such as private, draft and password protect...

6.5CVSS6.9AI score0.00665EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 4:32 a.m.7 views

CVE-2023-5707

The SEO Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slider' shortcode and post meta in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.00532EPSS
Exploits1References1
Rows per page
Query Builder