CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-26763 – WordPress Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Plugin <= 3.94.0 - PHP Object Injection vulnerability
https://notcve.org/view.php?id=CVE-2025-26763
14 Feb 2025 — Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection. This issue affects Responsive Slider by MetaSlider: from n/a through 3.94.0. The Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.94.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Editor-level access and above, to inje... • https://patchstack.com/database/wordpress/plugin/ml-slider/vulnerability/wordpress-slider-gallery-and-carousel-by-metaslider-image-slider-video-slider-plugin-3-94-0-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24533 – WordPress MetaSlider plugin <= 3.92.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2025-24533
09 Nov 2024 — Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsive Slider by MetaSlider allows Cross Site Request Forgery. This issue affects Responsive Slider by MetaSlider: from n/a through 3.92.0. The Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.92.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticate... • https://patchstack.com/database/wordpress/plugin/ml-slider/vulnerability/wordpress-metaslider-plugin-3-92-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •