4 matches found
CVE-2024-13314
The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...
CVE-2024-13314
creationtimestamp| type| source ---|---|--- 2025-02-21 06:17:13+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/4863 2025-02-21 07:22:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3liobh2kaz62l 2025-02-21 08:03:24+00:00| seen|...
CVE-2024-13314
CVE-2024-13314 affects the WordPress plugin “Carousel, Slider, Gallery by WP Carousel” (pre-2.7.4). The issue is insufficient sanitization/escaping of settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed. Public details show mitigation by up...
CVE-2024-13314 Carousel, Slider, Gallery by WP Carousel < 2.7.4 - Admin+ Stored XSS
The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in...