61 matches found
CVE-2026-4665
The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...
PT-2026-36965
The WP Carousel Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via crafted fancybox data-caption attributes in all versions up to, and including, 2.7.10. This is due to the fancybox-config.js script reading the carousel container's id attribute directly from the DOM to...
WordPress WP Responsive Recent Post Slider/Carousel plugin <= 3.7.1 - Backdoor vulnerability
Backdoor vulnerability discovered by ? in WordPress Plugin WP Responsive Recent Post Slider/Carousel versions <= 3.7.1...
CVE-2026-1275
The Multi Post Carousel by Category plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slides' shortcode attribute in all versions up to, and including, 1.4. This is due to insufficient input sanitization and output escaping on the user-supplied 'slides' parameter in the...
CVE-2026-1275
CVE-2026-1275 concerns the WordPress plugin Multi Post Carousel by Category and its vulnerability to a Stored Cross-Site Scripting (XSS) via the slides shortcode attribute in all versions up to 1.4. The root cause is insufficient input sanitization and output escaping in the function handling the...
CVE-2026-22388
CVE-2026-22388 is a Cross-Site Scripting (Stored XSS) vulnerability in the WordPress plugin Owl Carousel WP (owl-carousel-wp), affecting versions from unspecified through 2.2.2. The issue arises from improper input neutralization during web page generation, enabling attackers to inject malicious...
CVE-2026-22388 WordPress Owl Carousel WP plugin <= 2.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Emu Owl Carousel WP owl-carousel-wp allows Stored XSS. This issue affects Owl Carousel WP: from n/a through <= 2.2.2...
CVE-2025-49043 WordPress Magic Responsive Slider and Carousel WordPress plugin <= 1.6 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magiccarousel allows Reflected XSS. This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through <= 1.6...
CVE-2025-49043
CVE-2025-49043: WordPress plugin Magic Responsive Slider and Carousel (magic_carousel) is affected by Reflected XSS due to improper input neutralization during page generation. Affected: Magic Responsive Slider and Carousel WordPress plugin
EUVD-2015-9274
Malware in sbrugna...
EUVD-2014-4529
Malware in sbrugna...
EUVD-2023-27894
Malicious code in bioql PyPI...
EUVD-2023-28474
Malicious code in bioql PyPI...
EUVD-2023-48588
Malicious code in bioql PyPI...
CVE-2025-5590
The Owl carousel responsive plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter in all versions up to, and including, 1.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2023-23808
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02 versions...
CVE-2023-24418
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Tiny carousel horizontal slider plus plugin <= 3.2 versions...
CVE-2023-28499
Auth. author+ Stored Cross-Site Scripting XSS vulnerability in simonpedge Slide Anything – Responsive Content / HTML Slider and Carousel plugin <= 2.4.9 versions...
CVE-2015-9434
The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?posttype=kwlogos=kwlogossettings tab or tabflagsorder parameter...
CVE-2024-4002
CVE-2024-4002 affects the WordPress plugin “Carousel, Slider, Gallery by WP Carousel” up to version 2.6.9. The issue comes from insufficient sanitization/escaping of certain settings, enabling stored cross-site scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_htm...