Master Slider Security Vulnerabilities and Issues — Master Slider CVE List

Lucene search

AvertaMaster Slider

18 matches found

CVE•added 2024/04/18 11:15 a.m.•76 views

CVE-2024-32600

Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.5.

9.6CVSS8.2AI score0.0051EPSS

CVE•added 2023/11/16 7:15 p.m.•73 views

CVE-2023-47508

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta Master Slider Pro plugin

7.1CVSS6.1AI score0.00096EPSS

CVE•added 2024/03/02 12:16 p.m.•70 views

CVE-2024-0611

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.5. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scri...

4.8CVSS4.5AI score0.00217EPSS

CVE•added 2018/12/23 2:29 a.m.•64 views

CVE-2018-20368

The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback.

5.4CVSS5.2AI score0.00197EPSS

CVE•added 2024/03/02 12:15 p.m.•64 views

CVE-2023-6326

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.3. This is due to missing or incorrect nonce validation on the 'process_bulk_action' function. This makes it possible for unauthenticated attackers ...

5.4CVSS6.1AI score0.00047EPSS

CVE•added 2024/04/18 10:15 a.m.•63 views

CVE-2024-32580

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows Stored XSS.This issue affects Master Slider: from n/a through 3.9.8.

6.5CVSS6.4AI score0.00133EPSS

CVE•added 2024/03/02 12:16 p.m.•60 views

CVE-2024-1449

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slide shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl...

6.4CVSS5.8AI score0.00094EPSS

CVE•added 2025/02/19 6:15 a.m.•57 views

CVE-2024-12173

The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

3.5CVSS5.7AI score0.0003EPSS

CVE•added 2024/06/20 3:15 p.m.•57 views

CVE-2024-37222

Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through 3.10.0.

7.1CVSS6.6AI score0.00098EPSS

CVE•added 2024/05/21 7:15 a.m.•47 views

CVE-2024-4470

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide_info' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'tag_name' attribute. This...

6.4CVSS5.7AI score0.00169EPSS

CVE•added 2024/06/19 10:15 a.m.•44 views

CVE-2023-50900

Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.10.

4.3CVSS4.6AI score0.00048EPSS

CVE•added 2024/06/18 3:15 a.m.•44 views

CVE-2024-4375

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user supplied attribute. This m...

6.4CVSS5.5AI score0.0007EPSS

CVE•added 2025/03/05 10:15 a.m.•41 views

CVE-2024-13757

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_layer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...

6.4CVSS5.9AI score0.00057EPSS

CVE•added 2025/03/05 10:15 a.m.•40 views

CVE-2024-11731

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slider shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possi...

6.4CVSS5.9AI score0.00057EPSS

CVE•added 2024/07/26 6:15 a.m.•40 views

CVE-2024-6490

During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10.

6.5CVSS6.4AI score0.00017EPSS

CVE•added 2025/05/19 6:15 p.m.•38 views

CVE-2025-39412

Missing Authorization vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.10.8.

4.3CVSS4.7AI score0.00034EPSS

CVE•added 2024/06/01 5:15 a.m.•20 views

CVE-2023-6382

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'css_class' attribute. This mak...

6.4CVSS5.9AI score0.00197EPSS

CVE•added 2025/06/17 12:15 p.m.•17 views

CVE-2025-5291

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's masterslider_pb and ms_slide shortcodes in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping on user supplied attributes....

6.4CVSS5.7AI score0.00044EPSS