WordPress Ultimate Multi Design Video Carousel plugin <= 1.4 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by Nabil Irawan in WordPress Plugin Ultimate Multi Design Video Carousel versions = 1.4...

EUVD-2023-58217

Malicious code in bioql PyPI...

EUVD-2023-37018

Malicious code in bioql PyPI...

CVE-2025-9372 Ultimate Multi Design Video Carousel <= 1.4 - Authenticated (Editor+) Stored Cross-Site Scripting

The Ultimate Multi Design Video Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level access, to inject...

CVE-2025-9372

CVE-2025-9372 documents a stored XSS vulnerability in WordPress plugin Ultimate Multi Design Video Carousel (versions ≤ 1.4) caused by insufficient input sanitization and output escaping. Exploitation requires authenticated access at editor level and affects multi-site installations or sites wher...

WordPress plugin The Ultimate Multi Design Video Carousel 跨站脚本漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

CVE-2023-32797

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin = 1.0.22 versions...

CVE-2023-2710

The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

CVE-2019-25212

The video carousel slider with lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...

WordPress video carousel slider with lightbox plugin <= 1.0.6 - Authenticated (Admin+) SQL Injection vulnerability

Authenticated Admin+ SQL Injection vulnerability discovered by Ala Arfaoui in WordPress Plugin video carousel slider with lightbox versions = 1.0.6...

PT-2024-10743 · WordPress · Video Carousel Slider With Lightbox Plugin

Name of the Vulnerable Software and Affected Versions: video carousel slider with lightbox plugin for WordPress versions 1.0.0 through 1.0.6 Description: The issue is related to SQL Injection via the id parameter due to insufficient escaping on the user-supplied parameter and lack of sufficient...

WordPress video carousel slider with lightbox Plugin <= 1.0.6 is vulnerable to SQL Injection

Software video carousel slider with lightbox Type Plugin Vulnerable versions = 1.0.6 Fixed in 1.0.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2019-25212 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 8ccaa8ef0272 Credits Ala Arfaoui Required privileg...

WordPress plugin video carousel slider with lightbox SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

CVE-2023-5945

The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the responsivevideogallerywithlightboxvideomanagementfunc function. This makes it possible for unauthenticated attackers...

WordPress video carousel slider with lightbox Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software video carousel slider with lightbox Type Plugin Vulnerable versions = 1.0 Fixed in 1.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5945 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1fb4a457923c Credits Al...

PT-2023-32434 · WordPress · Video Carousel Slider With Lightbox Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: video carousel slider with lightbox plugin for WordPress version 1.0 Description: The issue is due to missing or incorrect nonce validation on the responsive video gallery with lightbox video management func function, making it possible for...

WordPress Plugin video carousel slider with lightbox Cross-site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVE-2023-32797

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin = 1.0.22 versions...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin = 1.0.22 versions...

CVE-2023-32797

CVE-2023-32797 is an unauthenticated reflected XSS vulnerability in the WordPress plugin “I Thirteen Web Solution video carousel slider with lightbox” (versions