
CVE-2024-12173 – Master Slider < 3.10.5 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-12173
29 Jan 2025 — The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.10.0 due to insufficient input sanitization... • https://wpscan.com/vulnerability/0f35be0e-0f63-4e33-aa4d-c47b1f1e0595 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-6490 – Master Slider – Responsive Touch Slider <= 3.9.10 - CSRF to slider deletion
https://notcve.org/view.php?id=CVE-2024-6490
26 Jul 2024 — During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10. • https://wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053