📄 WordPress Slider‑Future 1.0.5 Arbitrary File Upload

This is a Metasploit module that demonstrates an unauthenticated file upload vulnerability in WordPress Slider‑Future plugin version 1.0.5. ============================================================================================================================================= | Title :...

CVE-2026-22346

Deserialization of Untrusted Data vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow slider-responsive-slideshow allows Object Injection.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through = 1.5.4...

PT-2026-21197

Name of the Vulnerable Software and Affected Versions A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow versions through 1.5.4 Description The software contains a flaw related to the deserialization of untrusted data, which allows for object injection. This issue impacts...

CVE-2025-68009 WordPress Slider Templates plugin <= 1.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Codeless Slider Templates slider-templates allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Slider Templates: from n/a through = 1.0.3...

CVE-2025-66157

Technical details for CVE-2025-66157 are not provided in the supplied documents; no affected versions, impact, vectors, or fixes are specified. Monitor official updates for additional information.

CVE-2025-14721

The Responsive and Swipe slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rsSlider shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

PT-2025-52543

Name of the Vulnerable Software and Affected Versions Responsive and Swipe slider plugin for WordPress versions prior to 1.0.3 Description The plugin is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping of user-supplied attributes within the...

PT-2025-50829

The Simple Nivo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode parameter in all versions up to, and including, 0.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2022-46845

CVE-2022-46845 affects the WordPress plugin Slider a SlidersPack (Image Slider, Post Slider, ACF Gallery Slider) prior to version 2.3. The issue is missing authorization due to incorrectly configured access control, allowing exploitation without authentication. Remediation: upgrade to Slider a Sl...

CVE-2025-62988

The CVE-2025-62988 entry pertains to a Server-Side Request Forgery (SSRF) in the WordPress Slider Templates plugin (slider-templates) affecting versions up to and including 1.0.3. The vulnerability is documented by multiple sources (Wordfence, Patchstack, CVE records) and is listed as Unpatched f...

WordPress Slider Templates plugin <= 1.0.3 - Server Side Request Forgery (SSRF) vulnerability

Server Side Request Forgery SSRF vulnerability discovered by Nabil Irawan in WordPress Plugin Slider Templates versions = 1.0.3...

CVE-2025-11992 Multi Item Responsive Slider <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Multi Item Responsive Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'mioptions.php' page. This makes it possible for unauthenticated attackers to update settings an...

CVE-2025-8676

CVE-2025-8676 concerns the WordPress plugin B Slider – Gutenberg Slider Block for WP (vulnerable:

CVE-2025-8418

CVE-2025-8418 : B Slider – Gutenberg Slider Block for WP (WordPress) is vulnerable up to version 1.1.30 due to missing capability checks on the activated_plugin function. Authenticated users with subscriber-level access or higher can install arbitrary plugins, potentially enabling remote code exe...

CVE-2021-24544

The Responsive WordPress Slider WordPress plugin through 2.2.0 does not sanitise and escape some of the Slider options, allowing Cross-Site Scripting payloads to be set in them. Furthermore, as by default any authenticated user is allowed to create Sliders...

CVE-2025-32152

CVE-2025-32152 concerns Slider a SlidersPack – Image Slider, Post Slider, ACF Gallery Slider (WordPress) with an authenticated (Contributor+) Local File Inclusion due to Improper Control of Filename for Include/Require in PHP. Affected versions: Slider a SlidersPack up to 2.3. The entry notes PHP...

WordPress Slider a SlidersPack Plugin <= 2.3 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by LVT-tholv2k in WordPress Plugin Slider a SlidersPack versions = 2.3...

CVE-2025-31529 WordPress Slider Path for Elementor plugin <= 3.0.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Rashid Slider Path for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slider Path for Elementor: from n/a through 3.0.0...

CVE-2025-31099 WordPress Slider by BestWebSoft <= 1.1.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bestwebsoft Slider by BestWebSoft allows SQL Injection. This issue affects Slider by BestWebSoft: from n/a through 1.1.0...

CVE-2025-31099 WordPress Slider by BestWebSoft plugin <= 1.1.0 - SQL Injection Vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in bestweblayout Slider by BestWebSoft slider-bws allows SQL Injection.This issue affects Slider by BestWebSoft: from n/a through = 1.1.0...