3 matches found
CVE-2021-24506
The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin (before version 8.2.7) contains a SQL injection vulnerability: the id attribute of the hero-button shortcode is not sanitized/escaped before being used in a SQL statement, enabling users with a role as low as Contribu...
CVE-2022-3074
CVE-2022-3074 affects the Slider Hero WordPress plugin (versions prior to 8.4.4). The vulnerability stems from the plugin not escaping the slider Name, enabling Cross-Site Scripting (XSS) by high-privileged users (admin+). Exploitation is described as a stored XSS condition, with notab...
CVE-2021-4424
CVE-2021-4424 covers a CSRF vulnerability in the Slider Hero WordPress plugin (versions up to 8.2.0) caused by missing/incorrect nonce validation in qc_slider_hero_duplicate(). This allows unauthenticated attackers to duplicate slides via forged requests if a site admin is tricked. Affected softw...