
13 matches found

Vulnrichment
added 2025/05/15 8:9 p.m., 7 views

CVE-2024-4002 Carousel, Slider, Gallery by WP Carousel < 2.6.9 - Editor+ Stored XSS

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...

AI score: 5.7 | EPSS: 0.00091
Exploits: 1 | References: 1

Cvelist
added 2025/05/15 8:9 p.m., 9 views

CVE-2024-4002 Carousel, Slider, Gallery by WP Carousel < 2.6.9 - Editor+ Stored XSS

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...

EPSS: 0.00091
Exploits: 1 | References: 1

CVE
added 2025/05/15 8:9 p.m., 19 views

CVE-2024-4002

CVE-2024-4002 affects the WordPress plugin “Carousel, Slider, Gallery by WP Carousel” up to version 2.6.9. The issue comes from insufficient sanitization/escaping of certain settings, enabling stored cross-site scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_htm...

CVSS: 3.5 | AI score: 5.7 | EPSS: 0.00091
Exploits: 1 | References: 1 | Affected Software: 1

RedhatCVE
added 2025/02/23 6:18 a.m., 4 views

CVE-2024-13314

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...

CVSS: 3.5 | AI score: 5.6 | EPSS: 0.0005
Exploits: 1 | References: 1

Vulnrichment
added 2025/02/21 6:0 a.m., 5 views

CVE-2024-13314 Carousel, Slider, Gallery by WP Carousel < 2.7.4 - Admin+ Stored XSS

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in...

AI score: 3.5 | EPSS: 0.0005
Exploits: 1 | References: 1

CVE
added 2025/02/21 6:0 a.m., 47 views

CVE-2024-13314

CVE-2024-13314 affects the WordPress plugin “Carousel, Slider, Gallery by WP Carousel” (pre-2.7.4). The issue is insufficient sanitization/escaping of settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Public details show mitigation by up...

CVSS: 3.5 | AI score: 3.5 | EPSS: 0.0005
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2024/04/11 11:39 a.m., 2 views

WordPress Carousel, Slider, Gallery by WP Carousel plugin <= 2.6.3 - Admin+ PHP Object Injection vulnerability

Admin+ PHP Object Injection vulnerability discovered by hoanpk in WordPress Plugin Carousel, Slider, Gallery by WP Carousel versions <= 2.6.3...

CVSS: 7.2 | AI score: 7.3 | EPSS: 0.01175
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/04/06 6:47 a.m., 17 views

CVE-2024-2949 Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sp_wp_carousel_shortcode'

The Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel widget in all versions up to, and including, 2.6.3 due to...

CVSS: 6.4 | AI score: 5.8 | EPSS: 0.00134
Exploits: 0 | References: 2

CVE
added 2024/04/06 6:47 a.m., 55 views

CVE-2024-2949

CVE-2024-2949 affects the WordPress plugin Carousel, Slider, Gallery by WP Carousel (WP Carousel Free). It is a Stored XSS in the carousel widget (sp_wp_carousel_shortcode) present in all versions up to and including 2.6.3. Exploitation requires authenticated access at contributor level or higher...

CVSS: 6.4 | AI score: 7.6 | EPSS: 0.00134
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2023/01/16 4:15 p.m., 1 views

CVE-2022-4482

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be...

CVSS: 5.4 | AI score: 5.8 | EPSS: 0.00198
Exploits: 2 | References: 1

Vulnrichment
added 2023/01/16 3:37 p.m., 7 views

CVE-2022-4482 Carousel, Slider, Gallery by WP Carousel < 2.5.3 - Contributor+ Stored XSS

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.5.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be...

AI score: 5.5 | EPSS: 0.00198
Exploits: 2 | References: 1

CVE
added 2023/01/16 3:37 p.m., 54 views

CVE-2022-4482

The CVE-2022-4482 entry covers the WP Carousel (Carousel, Slider, Gallery) WordPress plugin before version 2.5.3. The vulnerability is a Stored XSS caused by insufficient validation and escaping of shortcode attributes, enabling a low-privilege user (contributor) to inject scripts that could affe...

CVSS: 5.4 | AI score: 5.3 | EPSS: 0.00198
Exploits: 2 | References: 1 | Affected Software: 1

wpexploit
added 2022/12/22 12:0 a.m., 75 views

Carousel, Slider, Gallery by WP Carousel < 2.5.3 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. Exploit...

CVSS: 5.4 | AI score: 0.3 | EPSS: 0.00198
Exploits: 2