NotCVE - vendor:"Unknown" product:"Master Slider" version:"

8 results (0.006 seconds)

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

CVE-2024-12173 – Master Slider < 3.10.5 - Editor+ Stored XSS

https://notcve.org/view.php?id=CVE-2024-12173

29 Jan 2025 — The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.10.0 due to insufficient input sanitization... • https://wpscan.com/vulnerability/0f35be0e-0f63-4e33-aa4d-c47b1f1e0595 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

CVE-2024-6490 – Master Slider – Responsive Touch Slider <= 3.9.10 - CSRF to slider deletion

https://notcve.org/view.php?id=CVE-2024-6490

26 Jul 2024 — During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10. • https://wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053 •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-37222 – WordPress Master Slider plugin <= 3.10.0 - Reflected Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-37222

20 Jun 2024 — Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through 3.9.10. Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through 3.10.0. The Master Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthe... • https://patchstack.com/database/vulnerability/master-slider/wordpress-master-slider-plugin-3-9-10-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-32580 – WordPress Master Slider plugin <= 3.9.8 - Cross Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2024-32580

16 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows Stored XSS.This issue affects Master Slider: from n/a through 3.9.8. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Averta Master Slider permite almacenar XSS. Este problema afecta a Master Slider: desde n/a hasta 3.9.8. The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to ... • https://patchstack.com/database/vulnerability/master-slider/wordpress-master-slider-plugin-3-9-8-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2024-32600 – WordPress Master Slider plugin <= 3.9.5 - PHP Object Injection vulnerability

https://notcve.org/view.php?id=CVE-2024-32600

16 Apr 2024 — Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.5. Vulnerabilidad de deserialización de datos no confiables en Averta Master Slider. Este problema afecta a Master Slider: desde n/a hasta 3.9.5. The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.9.5 via deserialization of untrusted input. This makes it possible for unauthenticated attackers... • https://patchstack.com/database/vulnerability/master-slider/wordpress-master-slider-plugin-3-9-5-php-object-injection-vulnerability?_s_id=cve • CWE-502: Deserialization of Untrusted Data •

CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-47506 – WordPress Master Slider Pro Plugin <= 3.6.5 is vulnerable to SQL Injection

https://notcve.org/view.php?id=CVE-2023-47506

07 Nov 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Master slider Master Slider Pro allows SQL Injection.This issue affects Master Slider Pro: from n/a through 3.6.5. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Master slider Master Slider Pro permite la inyección de SQL. Este problema afecta a Master Slider Pro: desde n/a hasta 3.6.5. The Master Slider Pro plugin for WordPress is v... • https://patchstack.com/database/vulnerability/masterslider/wordpress-master-slider-pro-plugin-3-6-5-authenticated-editor-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-47508 – WordPress Master Slider Pro Plugin <= 3.6.5 is vulnerable to Cross Site Scripting (XSS)

https://notcve.org/view.php?id=CVE-2023-47508

07 Nov 2023 — Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta Master Slider Pro plugin <= 3.6.5 versions. Vulnerabilidad de Cross-Site Scripting (XSS) Reflejada No Autenticada en el complemento Averta Master Slider Pro en versiones <=3.6.5. The Master Slider Pro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated at... • https://patchstack.com/database/vulnerability/masterslider/wordpress-master-slider-pro-plugin-3-6-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1

CVE-2018-20368 – Master Slider <= 3.7.0 - Authenticated Stored Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2018-20368

14 Nov 2018 — The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback. El plugin Master Slider, en versiones 3.2.7 y 3.5.1 para WordPress, tiene Cross-Site Scripting (XSS) mediante el campo de entrada Name en wp-admin/admin-ajax.php del valor MSPanel.Settings en Callback. The Master Slider plugin for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback. • https://www.vulnerability-lab.com/get_content.php?id=2158 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •