1231 matches found
GHSA-5HR6-R8H6-WH22 JetPack Exposure of Resource to Wrong Sphere
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhgvcs that allowed the comments of non-published...
JetPack Exposure of Resource to Wrong Sphere
The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was found within the Jetpack Carousel module by nguyenhgvcs that allowed the comments of non-published...
Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed PoC Create/edit a Carousel, add a Slide and put the following payload in the Description The XSS will be...
WordPress Carousel CK plugin <= 1.1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress Carousel CK plugin versions = 1.1.0. Solution Deactivate and delete. This plugin has been closed as of May 16, 2022 and is not available for download. This closure is temporary, pending a full revi...
Carousel CK <= 1.1.0 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed Create/edit a Carousel, add a Slide and put the following payload in the Description The XSS will be...
Video Slider - Slider Carousel < 1.4.8 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed Create/edit a video from a slider and put the following payload in the Description: , then save/update the vide...
WordPress Video Slider – Slider Carousel plugin <= 1.4.6 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress Video Slider – Slider Carousel plugin versions = 1.4.6. Solution Update the WordPress Video Slider – Slider Carousel plugin to the latest available version at least 1.4.8...
Video Slider - Slider Carousel < 1.4.8 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitize or escape some of its video settings, which could allow high-privileged users to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC Create/edit a video from a slider and put the following payload in the Description: , then save/update the...
WordPress Nitek Carousel Slider Cool Transitions plugin <= 1.1.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Nitek Carousel Slider Cool Transitions plugin versions = 1.1.0. Solution No patched version available...
WordPress Ultimate Carousel For Divi plugin <= 4.3.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Ultimate Carousel For Divi plugin versions = 4.3.0. Solution Update the WordPress Ultimate Carousel For Divi plugin to the latest available version at least 4.3.1...
WordPress WP Tools Divi Product Carousel plugin <= 1.4.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WP Tools Divi Product Carousel plugin versions = 1.4.0. Solution Update the WordPress WP Tools Divi Product Carousel plugin to the latest available version at least 1.5.0...
WordPress Ultimate Carousel For Divi plugin <= 4.3.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Ultimate Carousel For Divi plugin versions = 4.3.0. Solution Update the WordPress Ultimate Carousel For Divi plugin to the latest available version at least 4.3.1...
WordPress Post Carousel Divi plugin <= 1.1.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Post Carousel Divi plugin versions = 1.1.0. Solution Update the WordPress Post Carousel Divi plugin to the latest available version at least 1.1.1...
WordPress Image Carousel For Divi plugin <= 1.4.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Image Carousel For Divi plugin versions = 1.4.0. Solution Update the WordPress Image Carousel For Divi plugin to the latest available version at least 1.5.0...
WordPress Product Carousel For WooCommerce – WoorouSell plugin < 1.0.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Product Carousel For WooCommerce – WoorouSell plugin versions 1.0.9. Solution Update the WordPress Product Carousel For WooCommerce – WoorouSell plugin to the latest available version at least 1.0.9...
WordPress WP Tools Divi Product Carousel plugin <= 1.4.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WP Tools Divi Product Carousel plugin versions = 1.4.0. Solution Update the WordPress WP Tools Divi Product Carousel plugin to the latest available version at least 1.5.0...
WordPress Image Carousel For Divi plugin <= 1.4.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Image Carousel For Divi plugin versions = 1.4.0. Solution Update the WordPress Image Carousel For Divi plugin to the latest available version at least 1.5.0...
WordPress WP Tools Divi Blog Carousel plugin <= 1.2.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WP Tools Divi Blog Carousel plugin versions = 1.2.0. Solution Update the WordPress WP Tools Divi Blog Carousel plugin to the latest available version at least 1.3.0...
WordPress Nitek Carousel Slider Cool Transitions plugin <= 1.1.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Nitek Carousel Slider Cool Transitions plugin versions = 1.1.0. Solution No patched version available...
WordPress WP Tools Divi Blog Carousel plugin <= 1.2.0 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WP Tools Divi Blog Carousel plugin versions = 1.2.0. Solution Update the WordPress WP Tools Divi Blog Carousel plugin to the latest available version at least 1.3.0...