7 matches found
CVE-2024-4372
CVE-2024-4372 affects the Carousel Slider WordPress plugin (versions before 2.2.11). The issue is a stored XSS risk due to inadequate sanitization/escaping of certain parameters, exploitable by users with as little as Editor privileges. The Red Hat and Patchstack records corroborate the same vuln...
CVE-2023-41848
CVE-2023-41848 affects the WordPress Carousel Slider plugin, versions
CVE-2024-45269
CVE-2024-45269: CSRF vulnerability in WordPress Carousel Slider (plugin by Sayful Islam) affecting Carousel Slider
CVE-2024-1712
The Carousel Slider WordPress plugin prior to version 2.2.7 does not sanitize/escape certain settings, allowing Stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (e.g., multisite). Affected versions:
CVE-2024-3703
CVE-2024-3703 affects the Carousel Slider WordPress plugin prior to 2.2.10. The vulnerability is a Stored Cross-Site Scripting (XSS) flaw arising from failure to validate/escape certain Slide options before they are output in the page/post where the Slide shortcode is embedded. Reports from Red H...
CVE-2024-45270
CVE-2024-45270 concerns the WordPress plugin Carousel Slider by Sayful Islam. Public details in the CVE describe a Cross-Site Request Forgery (CSRF) vulnerability in the Hero image selection feature that can, when a site user with the plugin enabled visits a crafted page, cause content changes on...
CVE-2024-6850
The CVE-2024-6850 entry concerns the Carousel Slider WordPress plugin prior to version 2.2.4. The affected component is the plugin’s settings handling, which does not adequately sanitise/escape certain settings, enabling Cross-Site Scripting by high-privilege users (e.g., editors). The advisory d...