3 matches found
WordPress Custom Post Carousels with Owl plugin < 1.4.12 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin Custom Post Carousels with Owl versions 1.4.12...
CVE-2025-5125 Custom Post Carousels with Owl < 1.4.12 - Contributor+ Stored XSS
The Custom Post Carousels with Owl WordPress plugin before 1.4.12 uses the featherlight library and makes use of the data-featherlight attribute without sanitizing before using it...
CVE-2025-5125
The CVE-2025-5125 entry affects the WordPress plugin “Custom Post Carousels with Owl”, specifically versions prior to 1.4.12. The root cause is unsanitized input in the data-featherlight attribute used by the Featherlight library, enabling a Stored XSS condition as described by multiple sources. ...