26 matches found
CVE-2026-4076
The Slider Bootstrap Carousel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'category' and 'template' shortcode attributes in all versions up to and including 1.0.7. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attribute...
CVE-2025-49043
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magiccarousel allows Reflected XSS.This issue affects Magic Responsive Slider and Carousel WordPress: from n/a through = 1.6...
CVE-2023-25457
Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider.This issue affects Slider Carousel – Responsive Image Slider: from n/a through 1.5.1...
CVE-2025-11370
CVE-2025-11370 concerns the Depicter — Popup & Slider Builder plugin for WordPress (versions up to 4.0.7). The vulnerability arises from a missing capability check in RulesAjaxController::store, enabling unauthenticated users to modify popup display settings. Wordfence’s vulnerability entry (and ...
EUVD-2023-29412
Malicious code in bioql PyPI...
CVE-2024-29925
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows Stored XSS.This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.6...
CVE-2025-24782
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in wpWax Post Grid, Slider & Carousel Ultimate allows PHP Local File Inclusion. This issue affects Post Grid, Slider & Carousel Ultimate: from n/a through 1.6.10...
WordPress Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin <= 1.6.10 - Local File Inclusion vulnerability
Local File Inclusion vulnerability discovered by João Pedro Soares de Alcântara Kinorth in WordPress Plugin Post Grid, Slider & Carousel Ultimate versions = 1.6.10...
CVE-2024-13409 Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler()
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.6.10 via the 'theme' parameter of the posttypeajaxhandler function. This makes it possible for...
CVE-2023-25457
Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider.This issue affects Slider Carousel – Responsive Image Slider: from n/a through 1.5.1...
CVE-2023-25457 WordPress Slider Carousel – Responsive Image Slider plugin <=1.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider.This issue affects Slider Carousel – Responsive Image Slider: from n/a through 1.5.1...
CVE-2023-25457
CVE-2023-25457 (WordPress Slider Carousel – Responsive Image Slider) is a Missing Authorization/Broken Access Control vulnerability in the Richteam Slider Carousel – Responsive Image Slider plugin. Affected versions: 1.5.1 and earlier (WordPress plugin “slider-images”). Root cause: unauthorized a...
CVE-2023-25457 WordPress Slider Carousel – Responsive Image Slider plugin <=1.5.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Richteam Slider Carousel – Responsive Image Slider.This issue affects Slider Carousel – Responsive Image Slider: from n/a through 1.5.1...
PT-2024-12060 · Unknown · Richteam Slider Carousel – Responsive Image Slider
Name of the Vulnerable Software and Affected Versions: Richteam Slider Carousel – Responsive Image Slider versions 1.5.1 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Richteam Slider Carousel – Responsive Image Slider. Recommendations: For versions...
CVE-2024-29925
Technical details about CVE-2024-29925 (affected product/version, root cause, impact, and fix) are not provided in the supplied documents; monitor for updates.
WordPress Post Grid, Slider & Carousel Ultimate Plugin <= 1.6.6 is vulnerable to Cross Site Scripting (XSS)
Software Post Grid, Slider & Carousel Ultimate Type Plugin Vulnerable versions = 1.6.6 Fixed in 1.6.7 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29925 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID e415424c3ca8 Credits LVT-tholv2k...
Deserialization of untrusted data
The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpostshortcodemetaboxmarkup function. This makes it...
CVE-2024-2006
CVE-2024-2006 affects the WordPress plugin Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget, up to version 1.6.7. Description: PHP Object Injection via deserialization of untrusted input in outpost_shortcode_metabox_markup, exploitable by authenticated us...
WordPress Plugin Post Grid, Slider & Carousel Ultimate Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2023-47226
A vulnerability in Nks Post Sliders & Post Grids post-slider-carousel.This issue affects Post Sliders & Post Grids: from n/a through = 1.0.20...