4 matches found
CVE-2024-43161
CVE-2024-43161 involves an improperly neutralized input in Averta Depicter Slider, enabling stored XSS. Affected: Depicter Slider versions up to and including 3.1.2. Mode of attack: authenticated (Editor+) Stored Cross-Site Scripting. Impact is cross-site script execution within the application c...
CVE-2023-6493
The Depicter Slider WordPress plugin (Averta Depicter Slider) is vulnerable to Cross-Site Request Forgery in all versions up to 2.0.6 due to missing/incorrect nonce validation on the save function. Unauthenticated attackers can modify plugin settings by tricking an administrator into performing a...
CVE-2024-47381
CVE-2024-47381 is a stored XSS in Averta Depicter Slider (WordPress Slider & Popup Builder). Public sources confirm vulnerability in Depicter Slider up to version 3.2.2, with a fixed release in 3.5.0. Root cause: improper neutralization of input during web page generation that enables stored XSS....
CVE-2022-47176
CVE-2022-47176 affects WordPress Depicter Slider (plugin) up to version 1.9.0. Root cause: missing authorization check leading to broken access control. Impact is described as low to medium (CVSS 4.3). Public details come from multiple sources (Wordfence entry, Red Hat/CNVD entries, Patchstack sy...