Lucene search
+L

4 matches found

RedhatCVE
RedhatCVE
added 2025/02/23 6:18 a.m.11 views

CVE-2024-13314

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

3.5CVSS5.6AI score0.00361EPSS
Exploits1References1
Circl
Circl
added 2025/02/21 6:17 a.m.7 views

CVE-2024-13314

creationtimestamp| type| source ---|---|--- 2025-02-21 06:17:13+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/4863 2025-02-21 07:22:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3liobh2kaz62l 2025-02-21 08:03:24+00:00| seen|...

3.5CVSS8.7AI score0.00361EPSS
Exploits1References3
CVE
CVE
added 2025/02/21 6:0 a.m.56 views

CVE-2024-13314

CVE-2024-13314 affects the WordPress plugin “Carousel, Slider, Gallery by WP Carousel” (pre-2.7.4). The issue is insufficient sanitization/escaping of settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Public details show mitigation by up...

3.5CVSS3.5AI score0.00361EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/02/21 6:0 a.m.11 views

CVE-2024-13314 Carousel, Slider, Gallery by WP Carousel < 2.7.4 - Admin+ Stored XSS

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...

3.5AI score0.00361EPSS
Exploits1References1
Rows per page
Query Builder