4 matches found
CVE-2025-5337
The CVE-2025-5337 entry affects the WordPress plugin Slider, Gallery, and Carousel by MetaSlider. It describes a Stored DOM-based Cross-Site Scripting vulnerability via the aria-label parameter in all versions up to 3.98.0, caused by insufficient input sanitization and output escaping. Exploitati...
CVE-2022-2823
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallow...
CVE-2025-1062
CVE-2025-1062 affects the WordPress plugin “Slider, Gallery, and Carousel by MetaSlider” pre-3.95.0. The exposure comes from unsanitized/uncleaned and unescaped settings, enabling Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed, such as in multisite setup...
CVE-2025-26763
Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider ml-slider allows Object Injection.This issue affects Responsive Slider by MetaSlider: from n/a through = 3.94.0...