CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1062 – Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-1062
24 Mar 2025 — The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/657b355b-e38f-46d6-b574-7ce736d25f31 •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1203 – Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-1203
02 Mar 2025 — The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and inc... • https://wpscan.com/vulnerability/fca0b129-3299-46d6-9231-ca5afd2fdb66 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13314 – Carousel, Slider, Gallery by WP Carousel < 2.7.4 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-13314
31 Jan 2025 — The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Carousel, Slider, Gallery by WP Carousel – Image Carousel with Lightbox & Photo Gallery, Video Slider, Post Carousel & Post Grid, Product Carousel & Product Grid plugin for WordPress is vulnera... • https://wpscan.com/vulnerability/ae234bbe-a4af-49f5-8e0a-4fb960821e05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13627 – WP Touch Slider <= 2.2 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13627
27 Jan 2025 — The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The OWL Carousel Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web... • https://wpscan.com/vulnerability/f7e425a1-ae49-4ea6-abe4-42ba2713af8f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6850 – Carousel Slider < 2.2.14 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-6850
23 Aug 2024 — The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed The Carousel Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.2.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level pe... • https://wpscan.com/vulnerability/c06995cb-1685-4751-811f-aead52a597a7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4372 – Carousel Slider < 2.2.11 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-4372
30 Apr 2024 — The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks El complemento Carousel Slider de WordPress anterior a 2.2.11 no sanitiza ni escapa a algunos parámetros, lo que podría permitir a los usuarios con un rol tan bajo como el de editor realizar ataques de Cross Site Scripting. The Carousel Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url ... • https://wpscan.com/vulnerability/13dcfd8a-e378-44b4-af6f-940bc41539a4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2024-3703 – Carousel Slider < 2.2.10 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-3703
12 Apr 2024 — The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks El complemento Carousel Slider de WordPress anterior a 2.2.10 no valida ni escapa algunas de sus opciones de diapositiva antes de devolverlas a la página/publicación donde está incrustado el código abreviado de diap... • https://github.com/Bi0x/CVE-2024-37032 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1712 – Carousel Slider < 2.2.7 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-1712
25 Mar 2024 — The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) El complemento Carousel Slider de WordPress anterior a 2.2.7 no sanitiza ni escapa a algunas de sus configuraciones, lo que podría permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cro... • https://wpscan.com/vulnerability/23805a61-9fcd-4744-a60d-05c8cb43ee01 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •