Lucene search
K

311 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:57 a.m.7 views

CVE-2023-1473

The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.1AI score0.00458EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:56 a.m.9 views

CVE-2023-0765

The Gallery by BestWebSoft WordPress plugin before 4.7.0 does not properly escape values used in SQL queries, leading to an Blind SQL Injection vulnerability. The attacker must have at least the privileges of an Author, and the vendor's Slider plugin https://wordpress.org/plugins/slider-bws/ must...

8.8CVSS9.1AI score0.00873EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:37 a.m.5 views

CVE-2023-23671

Cross-Site Request Forgery CSRF vulnerability in Muneeb Layer Slider plugin = 1.1.9.7 versions...

7.1CVSS7.2AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:5 a.m.16 views

CVE-2023-6382

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msslide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'cssclass' attribute. This mak...

6.4CVSS5.8AI score0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:4 p.m.7 views

CVE-2022-1687

The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lspsliderid parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection...

4CVSS7AI score0.00764EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:34 a.m.7 views

CVE-2015-9419

The captain-slider plugin 1.0.6 for WordPress has XSS via a Title or Caption section...

6.1CVSS6AI score0.01177EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:33 a.m.5 views

CVE-2015-9454

The smooth-slider plugin before 2.7 for WordPress has SQL Injection via the wp-admin/admin.php?page=smooth-slider-admin currentsliderid parameter...

8.8CVSS8.4AI score0.01927EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:13 a.m.19 views

CVE-2018-20368

The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback...

5.4CVSS6AI score0.00705EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:12 a.m.7 views

CVE-2019-15866

The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wpajaxcrellysliderimportSlider...

8.8CVSS7.2AI score0.02027EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:55 a.m.3 views

CVE-2015-9412

The Royal-Slider plugin before 3.2.7 for WordPress has XSS via the rstype parameter...

6.1CVSS6AI score0.01156EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:54 a.m.4 views

CVE-2011-5286

SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter...

7.5CVSS8.9AI score0.03032EPSS
Exploits1References1
OSV
OSV
added 2025/05/15 8:16 p.m.4 views

CVE-2024-9233

The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS5.8AI score0.00161EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/15 8:7 p.m.9 views

CVE-2024-9233 GS Logo Slider < 3.7.1 - Settings Update via Cross-Site Request Forgery

The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

7AI score0.00161EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.4 views

WordPress plugin Logo Slider 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS4.9AI score0.00161EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/04/17 3:48 p.m.8 views

CVE-2025-27286 WordPress Saoshyant Slider Plugin <= 3.0 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in saoshyant1994 Saoshyant Slider saoshyant-slider allows Object Injection.This issue affects Saoshyant Slider: from n/a through = 3.0...

9.8CVSS8.6AI score0.00549EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/17 3:47 p.m.6 views

CVE-2025-32527 WordPress T&P Gallery Slider plugin <= 1.2 - Stored Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pey22 T&P Gallery Slider tp-gallery-slider allows Stored XSS.This issue affects T&P Gallery Slider: from n/a through = 1.2...

7.1CVSS7.2AI score0.00257EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/03/28 10:34 a.m.3 views

WordPress Slider by BestWebSoft plugin <= 1.1.0 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by domiee13 in WordPress Plugin Slider by BestWebSoft versions = 1.1.0...

7.6CVSS8AI score0.00318EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/03/28 12:0 a.m.2 views

WordPress plugin Slider by BestWebSoft SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A SQL injection...

7.6CVSS9.2AI score0.00318EPSS
Exploits0References2
OSV
OSV
added 2025/03/25 6:15 a.m.4 views

CVE-2024-10565

The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

6.1CVSS7.3AI score0.00313EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/18 6:36 a.m.7 views

CVE-2025-2262 Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution

The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly...

7.3CVSS7.6AI score0.00432EPSS
Exploits0References5
Rows per page
Query Builder