CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13116 – Crelly Slider < 1.4.7 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-13116
06 Jan 2025 — The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Crelly Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.4.6 due to insufficient input sanitization and output escaping. This makes it pos... • https://wpscan.com/vulnerability/1755c8ad-7620-4b12-bba0-013e80c2691b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10102 – Photo Gallery, Images, Slider in Rbs Image Gallery < 3.2.22 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10102
17 Dec 2024 — The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks Photo Gallery, Images, Slider en Rbs Image Gallery WordPress del complemento de WordPress anterior a la versión 3.2.22 no desinfecta ni evita algunas de las configuraciones de la galería, lo que podría permitir que usuarios con privilegios elevados, como los co... • https://wpscan.com/vulnerability/3b34d1ec-5370-40a8-964e-663f4f9f42f8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-11108 – Serious Slider < 1.2.7 - Contributor+ Stored XSS via Shortcode
https://notcve.org/view.php?id=CVE-2024-11108
29 Nov 2024 — The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Serious Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'serious-slider' shortcode in all versions up to, and including, 1.2.6 due to insufficient input sanitization and outp... • https://wpscan.com/vulnerability/7790af9d-621b-474c-b28c-c774e2a292bb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10473 – Logo Slider < 4.5.0 - Author+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10473
07 Nov 2024 — The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks. The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This... • https://wpscan.com/vulnerability/7512cbdf-cf27-4a1f-bac8-9fcb14bf463e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10896 – Logo Slider < 4.5.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10896
07 Nov 2024 — The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Brand Name" field in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and ab... • https://wpscan.com/vulnerability/1304c2b6-922d-455e-bae8-d6bf855eddd9 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5429 – Logo Slider < 4.1.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-5429
26 Sep 2024 — The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks El complemento Logo Slider de WordPress anterior a la versión 4.1.0 no valida ni escapa algunas de las configuraciones de su control deslizante antes de mostrarlas nuevamente en atributos, lo que podría permitir que los usuarios con el rol de colaborador y su... • https://wpscan.com/vulnerability/ddb76c88-aeca-42df-830e-abffd29f1141 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8283 – Slider by 10Web < 1.2.59 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-8283
09 Sep 2024 — The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.58 due to insufficient input sanitization and ou... • https://wpscan.com/vulnerability/a60aed55-c0a2-4912-8844-cdddf31d90b6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6850 – Carousel Slider < 2.2.14 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-6850
23 Aug 2024 — The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed The Carousel Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.2.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level pe... • https://wpscan.com/vulnerability/c06995cb-1685-4751-811f-aead52a597a7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7716 – GS Logo Slider Lite < 3.6.9 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-7716
20 Aug 2024 — The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.8 due to ... • https://wpscan.com/vulnerability/cfa67c43-6f09-43f5-9fbe-32a98a82f548 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6490 – Master Slider – Responsive Touch Slider <= 3.9.10 - CSRF to slider deletion
https://notcve.org/view.php?id=CVE-2024-6490
26 Jul 2024 — During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10. • https://wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053 •