Crelly Slider Security Vulnerabilities and Issues — Crelly Slider CVE List

Lucene search

Crelly Slider ProjectCrelly Slider

4 matches found

CVE•added 2019/09/03 12:15 p.m.•69 views

CVE-2019-15866

The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.

8.8CVSS8.7AI score0.00487EPSS

CVE•added 2024/05/06 6:15 a.m.•49 views

CVE-2024-3752

The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)

5.4CVSS5.6AI score0.0022EPSS

CVE•added 2025/01/27 6:15 a.m.•44 views

CVE-2024-13116

The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

3.8CVSS5.4AI score0.00015EPSS

CVE•added 2024/04/29 6:15 a.m.•39 views

CVE-2024-33542

Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider.This issue affects Crelly Slider: from n/a through 1.4.5.

4.3CVSS6.8AI score0.00129EPSS