Lucene search
K

63 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 4:7 a.m.4 views

CVE-2015-9434

The kiwi-logo-carousel plugin before 1.7.2 for WordPress has CSRF with resultant XSS via the wp-admin/edit.php?posttype=kwlogos=kwlogossettings tab or tabflagsorder parameter...

6.5CVSS6.1AI score0.00867EPSS
Exploits1References1
CVE
CVE
added 2025/05/15 8:9 p.m.28 views

CVE-2024-4002

CVE-2024-4002 affects the WordPress plugin “Carousel, Slider, Gallery by WP Carousel” up to version 2.6.9. The issue comes from insufficient sanitization/escaping of certain settings, enabling stored cross-site scripting (Stored XSS) by high-privilege users (e.g., admins) even when unfiltered_htm...

3.5CVSS5.7AI score0.00315EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.3 views

WordPress plugin WP Carousel 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

3.5CVSS5.9AI score0.00315EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/04/15 9:22 a.m.7 views

CVE-2025-2083 Logo Carousel Gutenberg Block <= 2.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via sliderId Parameter

The Logo Carousel Gutenberg Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘sliderId’ parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS5.9AI score0.0029EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/02/23 6:18 a.m.9 views

CVE-2024-13314

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

3.5CVSS5.6AI score0.00361EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/21 6:0 a.m.10 views

CVE-2024-13314 Carousel, Slider, Gallery by WP Carousel < 2.7.4 - Admin+ Stored XSS

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

3.5AI score0.00361EPSS
Exploits1References1
CVE
CVE
added 2025/02/21 6:0 a.m.56 views

CVE-2024-13314

CVE-2024-13314 affects the WordPress plugin “Carousel, Slider, Gallery by WP Carousel” (pre-2.7.4). The issue is insufficient sanitization/escaping of settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Public details show mitigation by up...

3.5CVSS3.5AI score0.00361EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2025/02/21 12:0 a.m.5 views

WordPress plugin Carousel, Slider, Gallery by WP Carousel 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

3.5CVSS8.7AI score0.00361EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/01/21 1:40 p.m.8 views

CVE-2025-22553 WordPress Multiple Carousel Plugin <= 2.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Multiple Carousel allows SQL Injection. This issue affects Multiple Carousel: from n/a through 2.0...

9.3CVSS7.7AI score0.00337EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/12/03 11:52 p.m.5 views

WordPress Carousel, Slider, Gallery by WP Carousel plugin <= 2.6.8 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library vulnerability discovered by Webbernaut in WordPress Plugin Carousel, Slider, Gallery by WP Carousel versions = 2.6.8...

6.4CVSS6.1AI score0.00421EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/28 12:44 p.m.3 views

WordPress Vertical Carousel plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin Vertical Carousel versions = 1.0.2...

6.5CVSS6.1AI score0.00283EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2024/07/06 12:0 a.m.4 views

WordPress plugin Image Hover Effects with Carousel security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS6.8AI score0.00237EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/07/06 12:0 a.m.14 views

WordPress Image Hover Effects - Caption Hover with Carousel Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)

Software Image Hover Effects - Caption Hover with Carousel Type Plugin Vulnerable versions = 3.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37546 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 1e0b4b757b67 Credits Khalid...

6.5CVSS6.7AI score0.00237EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/06/20 3:37 a.m.29 views

CVE-2024-4390 Depicter <= 3.0.2 - Authenticated (Contributor+) Arbitrary Nonce Generation

The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/functio...

6.5CVSS0.00514EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/11 11:39 a.m.4 views

WordPress Carousel, Slider, Gallery by WP Carousel plugin <= 2.6.3 - Admin+ PHP Object Injection vulnerability

Admin+ PHP Object Injection vulnerability discovered by hoanpk in WordPress Plugin Carousel, Slider, Gallery by WP Carousel versions = 2.6.3...

7.2CVSS7.3AI score0.00973EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/08 5:11 a.m.3 views

WordPress Carousel, Slider, Gallery by WP Carousel plugin <= 2.6.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sp_wp_carousel_shortcode' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'spwpcarouselshortcode' vulnerability discovered by Phuoc Pham p3tl0v3r in WordPress Plugin Carousel, Slider, Gallery by WP Carousel versions = 2.6.3...

6.4CVSS5.8AI score0.00346EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/04/06 7:15 a.m.4 views

CVE-2024-2949

The Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the carousel widget in all versions up to, and including, 2.6.3 due to...

5.4CVSS7.4AI score0.00346EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

Post Grid, Slider & Carousel Ultimate < 1.6.7 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Post Grid, Slider & Carousel Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

6.5CVSS5.8AI score0.00336EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/03/27 8:15 a.m.3 views

CVE-2024-29925

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS.This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6...

5.4CVSS5.8AI score0.00336EPSS
Exploits0References1
OSV
OSV
added 2024/02/10 8:15 a.m.4 views

CVE-2024-24801

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS.This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0...

5.4CVSS7.3AI score0.00333EPSS
Exploits0References1
Rows per page
Query Builder