4 matches found
WordPress Slider, Gallery, and Carousel by MetaSlider plugin <= 3.98.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via aria-label Parameter vulnerability
Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via aria-label Parameter vulnerability discovered by Asaf Mozes in WordPress Plugin Responsive Slider by MetaSlider versions = 3.98.0...
CVE-2025-5337
creationtimestamp| type| source ---|---|--- 2025-06-14 09:35:13+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/18375 2025-06-14 13:25:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lrl2h65l7s2o...
CVE-2025-5337 Slider, Gallery, and Carousel by MetaSlider <= 3.98.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via aria-label Parameter
The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘aria-label’ parameter in all versions up to, and including, 3.98.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-5337
The CVE-2025-5337 entry affects the WordPress plugin Slider, Gallery, and Carousel by MetaSlider. It describes a Stored DOM-based Cross-Site Scripting vulnerability via the aria-label parameter in all versions up to 3.98.0, caused by insufficient input sanitization and output escaping. Exploitati...