9 matches found
CVE-2024-32578
Technical details for CVE-2024-32578 are not publicly provided in the supplied documents. The initial description notes a reflected XSS in 10Web Slider, but there are no connected documents with affected versions, exploitation vectors, remediation steps, or verification data.
CVE-2022-4197
The CVE-2022-4197 issue affects the Sliderby10Web WordPress plugin (versions prior to 1.2.53). It does not sanitize and escape some settings, enabling stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in multisite setups). The vulnerability is asso...
CVE-2024-7150
The CVE-2024-7150 entry concerns Slider by 10Web – Responsive Image Slider for WordPress. Affected: all versions up to 1.2.57. Root cause: time-based SQL Injection due to insufficient escaping of the id parameter and lack of proper query preparation. Impact: authenticated attackers with Contribut...
CVE-2024-6026
The CVE-2024-6026 issue affects the Slider by 10Web WordPress plugin prior to version 1.2.56. The vulnerability arises from insufficient sanitisation/escaping of certain Slide options, allowing authenticated users with access to the Sliders (default Administrator, configurable) who can add images...
CVE-2024-6408
CVE-2024-6408 affects the Slider by 10Web WordPress plugin, prior to version 1.2.57. The flaw is an insufficient sanitization/escaping of the Slider Title, enabling Cross‑Site Scripting by high‑privilege users (e.g., Editors) even when unfiltered_html is disallowed. Red Hat confirms the issue tex...
CVE-2021-24132
CVE-2021-24132 affects the WordPress plugin Slider by 10Web up to version 1.2.35; version 1.2.36 fixes it. The root cause is a SQL Injection in the plugin’s admin endpoints (bulk_action, export_full, save_slider_db) exploitable by an authenticated user (Admin or certain Contributor+ roles when en...
CVE-2024-10566
CVE-2024-10566 affects Slider by 10Web (WordPress plugin) prior to version 1.2.62. The vulnerability arises from improper sanitization/escaping of certain plugin settings, enabling a stored XSS condition that could be triggered by high-privilege users (e.g., admins) even when unfiltered_html is d...
CVE-2024-10565
CVE-2024-10565 affects the Slider by 10Web WordPress plugin. The issue arises because the plugin does not sanitize or escape certain settings, enabling a high-privilege user (e.g., an admin) to perform a Stored XSS attack, even when unfiltered_html is disallowed (such as in multisite). The vulner...
CVE-2024-8283
CVE-2024-8283 concerns The Slider by 10Web WordPress plugin (versions