311 matches found
CVE-2023-1473
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2023-0765
The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin https://wordpress.org/plugins/slider-bws/ must...
CVE-2023-23671
Cross-Site Request Forgery CSRF vulnerability in Muneeb Layer Slider plugin = 1.1.9.7 versions...
CVE-2023-6382
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msslide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'cssclass' attribute. This mak...
CVE-2022-1687
The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lspsliderid parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection...
CVE-2015-9419
The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section...
CVE-2015-9454
The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin currentsliderid parameter...
CVE-2018-20368
The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback...
CVE-2019-15866
The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wpajaxcrellysliderimportSlider...
CVE-2015-9412
The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter...
CVE-2011-5286
SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter...
CVE-2024-9233
The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-9233 GS Logo Slider < 3.7.1 - Settings Update via Cross-Site Request Forgery
The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress plugin Logo Slider 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2025-27286 WordPress Saoshyant Slider Plugin <= 3.0 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider saoshyant-slider allows Object Injection.This issue affects Saoshyant Slider: from n/a through = 3.0...
CVE-2025-32527 WordPress T&P Gallery Slider plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pey22 T&P Gallery Slider tp-gallery-slider allows Stored XSS.This issue affects T&P Gallery Slider: from n/a through = 1.2...
WordPress Slider by BestWebSoft plugin <= 1.1.0 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by domiee13 in WordPress Plugin Slider by BestWebSoft versions = 1.1.0...
WordPress plugin Slider by BestWebSoft SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A SQL injection...
CVE-2024-10565
The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2025-2262 Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution
The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...