CVE-2026-4665

The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...

CVE-2026-4665 WP Carousel Free <= 2.7.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'data-caption' Attribute

The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...

PT-2026-36965

The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...

WordPress Carousel, Recent Post Slider and Banner Slider plugin <= 2.1 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Spice Post Slider versions = 2.1...

WordPress Carousel Slider plugin <= 2.2.14 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Magnific Popups JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Carousel Slider versions = 2.2.14...

WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Nabil Irawan in WordPress Plugin Carousel Ultimate versions = 1.8...

CVE-2025-31928 WordPress Multimedia Responsive Carousel with Image Video Audio Support plugin <= 2.6.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in LambertGroup Multimedia Responsive Carousel with Image Video Audio Support multimedia-carousel allows SQL Injection.This issue affects Multimedia Responsive Carousel with Image Video Audio Support:...

WordPress Carousel, Slider, Gallery by WP Carousel plugin <= 2.6.8 - Authenticated (Editor+) Stored Cross-Site Scripting vulnerability

Authenticated Editor+ Stored Cross-Site Scripting vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Carousel, Slider, Gallery by WP Carousel versions = 2.6.8...

WordPress Carousel Slider plugin < 2.2.11 - Editor+ Stored XSS vulnerability

Editor+ Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Carousel Slider versions 2.2.11...

WordPress Plugin Carousel, Recent Post Slider and Banner Slider Cross-Site Scripting Vulnerabilities

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...