Smart Slider 3 Security Vulnerabilities and Issues — Smart Slider 3 CVE List

Lucene search

NextendwebSmart Slider 3

5 matches found

CVE•added 2022/10/31 4:15 p.m.•80 views

CVE-2022-3357

The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user import (intentionally or not) a malicious file, and a suitable gadget chain is present on the site.

8.8CVSS8.9AI score0.13097EPSS

CVE•added 2023/03/27 4:15 p.m.•69 views

CVE-2023-0660

The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atta...

5.4CVSS5.2AI score0.00161EPSS

CVE•added 2024/04/13 2:15 a.m.•57 views

CVE-2024-3027

The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, with contributor-level access and above, to upload ...

6.4CVSS5.6AI score0.00126EPSS

CVE•added 2024/01/19 3:15 p.m.•49 views

CVE-2022-45845

Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9.

8.8CVSS8.6AI score0.00375EPSS

CVE•added 2023/03/23 12:15 p.m.•48 views

CVE-2022-45843

Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin <= 3.5.1.9 versions.

5.4CVSS5.3AI score0.00202EPSS