CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites – Post Grids, Sliders, Carousels, Counters, Page Builder & Starter Site Imports, No Coding Needed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the HTML attributes of Image Carousel and Image...

6.4CVSS5.5AI score0.00229EPSS

Exploits0References1

CVE•added 2025/08/01 11:18 a.m.•26 views

CVE-2025-4684

CVE-2025-4684 affects the WordPress plugin BlockSpare (Gutenberg Blocks & Patterns) up to version 3.2.13.1. The vulnerability is a Stored Cross‑Site Scripting flaw stemming from insufficient input sanitization and output escaping in the HTML attributes of the Image Carousel and Image Slider widge...

6.4CVSS5.5AI score0.00229EPSS

Exploits0References2

Vulnrichment•added 2025/08/01 11:18 a.m.•3 views

CVE-2025-4684 BlockSpare: Gutenberg Blocks & Patterns for Blogs, Magazines, Business Sites <= 3.2.13.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Image Slider Widgets

6.4CVSS5.9AI score0.00229EPSS

Exploits0References2

RedhatCVE•added 2025/05/23 6:39 a.m.•4 views

CVE-2024-51842

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Sazzad Image Carousel Shortcode image-carousel-shortcode allows DOM-Based XSS.This issue affects Image Carousel Shortcode: from n/a through = 1.2...

6.5CVSS7.2AI score0.00374EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 6:2 a.m.•4 views

CVE-2023-28792

Unauth. Reflected Cross-Site Scripting XSS vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin = 1.0.15 versions...

7.1CVSS5.8AI score0.00382EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:56 a.m.•1 views

CVE-2023-0589

The WP Image Carousel WordPress plugin through 1.0.2 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting attacks...

5.4CVSS5.7AI score0.00444EPSS

Exploits2References1

Patchstack•added 2025/01/27 10:38 p.m.•5 views

WordPress Divi Carousel Lite plugin <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets vulnerability discovered by Webbernaut in WordPress Plugin Divi Carousel Lite versions = 2.0.4...

6.4CVSS5.8AI score0.00338EPSS

Exploits0References1Affected Software1

OSV•added 2025/01/25 10:15 a.m.•2 views

CVE-2025-0350

The Divi Carousel Maker – Image, Logo, Testimonial, Post Carousel & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping on us...

5.4CVSS7.5AI score

Exploits0References5

Cvelist•added 2025/01/25 9:22 a.m.•16 views

CVE-2025-0350 Divi Carousel Lite <= 2.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Carousel and Logo Carousel Widgets

6.4CVSS0.00338EPSS

Exploits0References5

Positive Technologies•added 2025/01/25 12:0 a.m.•4 views

PT-2025-3845 · WordPress · Divi Carousel Maker

Name of the Vulnerable Software and Affected Versions: Divi Carousel Maker plugin for WordPress versions up to, and including, 2.0.4 Description: The Divi Carousel Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Carousel and Logo Carousel in all...

6.4CVSS5.9AI score0.00338EPSS

Exploits0References12

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by