CVE-2022-4197 – Sliderby10Web < 1.2.53 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-4197
The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). El complemento Sliderby10Web de WordPress anterior a la versión 1.2.53 no sanitiza ni escapa algunas de sus configuraciones, lo que podría permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting (XSS) Almacenado incluso cuando la capacidad unfiltered_html no está permitida (por ejemplo, en una configuración multisitio). The Sliderby10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via slider row links in versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping. This makes it possible for administrator-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://wpscan.com/vulnerability/96818024-57ab-419d-bd46-7d2da98269e6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-24132 – Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-24132
The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), or medium one such as Contributor+ (if "Role Options" is turn on for other users) to perform a SQL Injection attacks. El plugin Slider para 10Web WordPress, versiones anteriores a 1.2.36, en las funcionalidades bulk_action, export_full y save_slider_db del plugin, eran vulnerables, permitiendo a un usuario muy privilegiado (Admin), o uno medio como Colaborador+ (si "Role Options" se activa para otros usuarios) para llevar a cabo ataques de inyección SQL • https://wpscan.com/vulnerability/c1f45000-6c16-4606-be80-1938a755af2c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2016-1000121 – Huge IT Joomla Slider 1.0.9 XSS / SQL Injection
https://notcve.org/view.php?id=CVE-2016-1000121
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension Vulnerabilidad de XSS y vulnerabilidad de inyección SQL en la extensión Huge IT Joomla Slider v1.0.9 Huge IT Joomla Slider extension version 1.0.9 suffers from cross site scripting and remote SQL injection vulnerabilities. • http://extensions.joomla.org/extensions/extension/photos-a-images/slider http://www.securityfocus.com/bid/92160 http://www.vapidlabs.com/advisory.php?v=168 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2016-1000122 – Huge IT Joomla Slider 1.0.9 XSS / SQL Injection
https://notcve.org/view.php?id=CVE-2016-1000122
XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension Vulnerabilidad de XSS y vulnerabilidad de inyección SQLi en la extensión Huge IT Joomla Slider v1.0.9 Huge IT Joomla Slider extension version 1.0.9 suffers from cross site scripting and remote SQL injection vulnerabilities. • http://extensions.joomla.org/extensions/extension/photos-a-images/slider http://www.securityfocus.com/bid/92160 http://www.vapidlabs.com/advisory.php?v=168 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •