Lucene search
K

4 matches found

Patchstack
Patchstack
added 2025/06/17 11:0 a.m.7 views

WordPress Slider, Gallery, and Carousel by MetaSlider plugin <= 3.98.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via aria-label Parameter vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via aria-label Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin Responsive Slider by MetaSlider versions = 3.98.0...

6.4CVSS5.9AI score0.00209EPSS
Exploits0References1Affected Software1
Circl
Circl
added 2025/06/14 9:35 a.m.17 views

CVE-2025-5337

creationtimestamp| type| source ---|---|--- 2025-06-14 09:35:13+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/18375 2025-06-14 13:25:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lrl2h65l7s2o...

6.4CVSS4.8AI score0.00209EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/14 9:23 a.m.21 views

CVE-2025-5337 Slider, Gallery, and Carousel by MetaSlider <= 3.98.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via aria-label Parameter

The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘aria-label’ parameter in all versions up to, and including, 3.98.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS0.00209EPSS
Exploits0References4
CVE
CVE
added 2025/06/14 9:23 a.m.49 views

CVE-2025-5337

The CVE-2025-5337 entry affects the WordPress plugin Slider, Gallery, and Carousel by MetaSlider. It describes a Stored DOM-based Cross-Site Scripting vulnerability via the aria-label parameter in all versions up to 3.98.0, caused by insufficient input sanitization and output escaping. Exploitati...

6.4CVSS5.7AI score0.00209EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder