WordPress Prime Slider plugin <= 4.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'follow_us_text' Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'followustext' Parameter vulnerability discovered by WordFence in WordPress Plugin Prime Slider – Addons For Elementor versions = 4.1.10...

CVE-2024-1506

The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'titletags' attribute of the Fiestar widget in all versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-8442

The Prime Slider – Addons For Elementor Revolution of a slider, Hero Slider, Ecommerce Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Blog widget in all versions up to, and including, 3.15.18 due to insufficient input sanitization and output escaping on...

CVE-2024-3997

The CVE-2024-3997 issue affects WordPress plugin Prime Slider – Addons For Elementor (bdthemes-prime-slider-lite). It is a Stored Cross-Site Scripting vulnerability in the Pagepiling widget, present in all versions up to 3.14.1, caused by insufficient input sanitization and output escaping on use...