19 matches found
CVE-2024-32600
CVE-2024-32600 describes a Deserialization of Untrusted Data vulnerability in Master Slider (Master Slider – Responsive Touch Slider). Affected range: from n/a through 3.9.5. The issue is categorized as an unauthenticated PHP Object Injection, enabling an attacker to exploit via deserialization o...
CVE-2023-47508
CVE-2023-47508 describes an unauthenticated reflected cross-site scripting (XSS) vulnerability in the Master Slider Pro WordPress plugin, affected versions
CVE-2024-0611
CVE-2024-0611 affects Master Slider – Responsive Touch Slider for WordPress. Connected docs confirm a Stored Cross-Site Scripting flaw in the slides callback, impacting versions up to and including 3.9.5. Exploitation requires authenticated Editor+ access and affects multisite setups or sites wit...
CVE-2024-32580
CVE-2024-32580 affects Master Slider (WordPress) up to version 3.9.8 and is caused by improper neutralization of input during web page generation, leading to a stored XSS vulnerability. The flaw allows attacker-supplied input to be stored and later rendered in pages, potentially affecting si...
CVE-2018-20368
CVE-2018-20368 affects the WordPress Master Slider plugin (versions around 3.2.7 and 3.5.1) and causes an XSS via the wp-admin/admin-ajax.php Name input field in the MSPanel.Settings value during Callback. The connected sources consistently describe it as a cross‑site scripting vulnerability in M...
CVE-2024-1449
CVE-2024-1449 relates to the Master Slider – Responsive Touch Slider WordPress plugin. It is vulnerable to a Stored Cross-Site Scripting (XSS) via the ms_slide shortcode in all versions up to and including 3.9.5, caused by insufficient input sanitization and output escaping on user-supplied attri...
CVE-2023-6326
CVE-2023-6326 affects Master Slider – Responsive Touch Slider for WordPress. The issue is Cross-Site Request Forgery due to missing/incorrect nonce validation in process_bulk_action, enabling unauthenticated attackers to duplicate or delete sliders via forged admin actions. Public references (Red...
CVE-2024-12173
CVE-2024-12173 affects the Master Slider WordPress plugin (before 3.10.5). The flaw is that certain settings are not properly sanitized/escaped, enabling stored XSS by high-privilege users (Editor and above) even when unfiltered_html is disallowed (e.g., multisite). The issue is documented across...
CVE-2024-37222
Technical details about CVE-2024-37222 are not provided in the connected documents. The initial description mentions Reflected XSS in Master Slider up to 3.10.0, but no product/version specifics or mitigations are confirmed here. Monitor for updates.
CVE-2024-4470
CVE-2024-4470 affects Master Slider – Responsive Touch Slider for WordPress. All versions ≤ 3.9.9 are vulnerable to Stored XSS via the ms_slide_info shortcode’s tag_name attribute due to insufficient input sanitization/output escaping. An authenticated attacker with contributor+ privileges can in...
CVE-2024-4375
CVE-2024-4375 affects Master Slider – Responsive Touch Slider for WordPress. A stored XSS vulnerability exists via the plugin’s ms_layer shortcode in all versions up to 3.9.10, caused by insufficient input sanitization and lack of proper output escaping on the css_id attribute. This allows authen...
CVE-2024-13757
CVE-2024-13757: Master Slider – Responsive Touch Slider (WordPress) is affected up to version 3.10.6. The stored cross-site scripting vulnerability occurs in the ms_layer shortcode due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contribut...
CVE-2024-11731
The CVE-2024-11731 entry covers a Stored Cross-Site Scripting in WordPress Master Slider (ms_slider shortcode). Connected sources confirm the flaw affects Master Slider versions up to at least 3.10.7 (Wordfence/Patchstack entries) and is exploitable by an authenticated attacker with contributor-l...
CVE-2023-50900
CVE-2023-50900 affects the WordPress Master Slider plugin (versions <= 3.9.10). The vulnerability is a Cross-Site Request Forgery (CSRF) in Master Slider, with CVSSv3.1 base score 4.3 (NETWORK attack vector, LOW complexity, NONE confidentiality/availability impact, LOW integrity impact; user i...
CVE-2025-39412
CVE-2025-39412 is a Missing Authorization issue affecting WordPress Master Slider/Master Slider plugin. Public details show: Averta Master Slider affected up to version 3.10.8; Master Slider plugin affected up to 3.11.0 (per Patchstack). Applicable CVSS base metrics indicate low to moderate impac...
CVE-2024-6490
CVE-2024-6490 concerns the WordPress Master Slider plugin. Multiple sources confirm a CSRF vulnerability in Master Slider versions up to 3.9.10 that lets an unauthenticated attacker manipulate requests on behalf of a logged-in user, potentially deleting all sliders in the plugin. Affected compone...
CVE-2025-5291
CVE-2025-5291 concerns the WordPress plugin Master Slider – Responsive Touch Slider. The vulnerability is a Stored Cross-Site Scripting (XSS) in versions up to 3.10.8, triggered via user-supplied attributes in the masterslider_pb and ms_slide shortcodes. Exploitation requires authenticated access...
CVE-2023-6382
CVE-2023-6382 refers to the Master Slider – Responsive Touch Slider WordPress plugin. Affected versions are up to 3.9.9 and the flaw is a Stored Cross-Site Scripting in the ms_slide shortcode due to insufficient input sanitization and output escaping of the css_class attribute. Exploitation requi...
CVE-2025-58025
CVE-2025-58025: Master Slider (Master Slider – Responsive Touch Slider) suffers Stored Cross-Site Scripting in the WordPress plugin Master Slider <= 3.11.0. The vulnerability is documented with CVSS v3.1 base score 5.4 (Network attack, Low attack complexity; User interaction required; Confiden...