Lucene search
+L
MajeedrazaCarousel Slider

7 matches found

CVE
CVE
added 2024/05/21 6:0 a.m.76 views

CVE-2024-4372

CVE-2024-4372 affects the Carousel Slider WordPress plugin (versions before 2.2.11). The issue is a stored XSS risk due to inadequate sanitization/escaping of certain parameters, exploitable by users with as little as Editor privileges. The Red Hat and Patchstack records corroborate the same vuln...

5.4CVSS6AI score0.00399EPSS
CVE
CVE
added 2024/12/13 2:24 p.m.73 views

CVE-2023-41848

CVE-2023-41848 affects the WordPress Carousel Slider plugin, versions

5.3CVSS8.5AI score0.00466EPSS
CVE
CVE
added 2024/09/01 11:55 p.m.70 views

CVE-2024-45269

CVE-2024-45269: CSRF vulnerability in WordPress Carousel Slider (plugin by Sayful Islam) affecting Carousel Slider

4.3CVSS6.5AI score0.00256EPSS
CVE
CVE
added 2024/04/15 5:0 a.m.68 views

CVE-2024-1712

The Carousel Slider WordPress plugin prior to version 2.2.7 does not sanitize/escape certain settings, allowing Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Affected versions:

4.7CVSS7.6AI score0.00484EPSS
CVE
CVE
added 2024/05/03 6:0 a.m.61 views

CVE-2024-3703

CVE-2024-3703 affects the Carousel Slider WordPress plugin prior to 2.2.10. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw arising from failure to validate/escape certain Slide options before they are output in the page/post where the Slide shortcode is embedded. Reports from Red H...

4.7CVSS5.8AI score0.00497EPSS
CVE
CVE
added 2024/09/01 11:55 p.m.60 views

CVE-2024-45270

CVE-2024-45270 concerns the WordPress plugin Carousel Slider by Sayful Islam. Public details in the CVE describe a Cross-Site Request Forgery (CSRF) vulnerability in the Hero image selection feature that can, when a site user with the plugin enabled visits a crafted page, cause content changes on...

4.3CVSS6.5AI score0.00215EPSS
CVE
CVE
added 2024/09/13 6:0 a.m.49 views

CVE-2024-6850

The CVE-2024-6850 entry concerns the Carousel Slider WordPress plugin prior to version 2.2.4. The affected component is the plugin’s settings handling, which does not adequately sanitise/escape certain settings, enabling Cross-Site Scripting by high-privilege users (e.g., editors). The advisory d...

4.8CVSS4.8AI score0.00325EPSS