CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0717 – Social Slider Feed < 2.2.9 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-0717
25 Mar 2025 — To exploit the vulnerability, it is necessary: • https://wpscan.com/vulnerability/31f734fc-d474-46b3-98eb-04761cab8878 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10566 – Slider by 10Web < 1.2.62 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10566
25 Mar 2025 — The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/a98a7f11-4c01-4b91-8adc-465beefa310a •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10565 – Slider by 10Web < 1.2.62 - Admin+ Stored XSS via Widget
https://notcve.org/view.php?id=CVE-2024-10565
25 Mar 2025 — The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/4ef05302-a6ca-4816-ab0d-a4e3bf7a5e22 •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1203 – Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-1203
24 Mar 2025 — The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/fca0b129-3299-46d6-9231-ca5afd2fdb66 •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1062 – Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-1062
24 Mar 2025 — The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/657b355b-e38f-46d6-b574-7ce736d25f31 •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12308 – Logo Slider < 4.6.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-12308
03 Feb 2025 — The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it poss... • https://wpscan.com/vulnerability/fa82ada7-357b-4f01-a0d6-ff633b188a80 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13314 – Carousel, Slider, Gallery by WP Carousel < 2.7.4 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-13314
31 Jan 2025 — The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Carousel, Slider, Gallery by WP Carousel – Image Carousel with Lightbox & Photo Gallery, Video Slider, Post Carousel & Post Grid, Product Carousel & Product Grid plugin for WordPress is vulnera... • https://wpscan.com/vulnerability/ae234bbe-a4af-49f5-8e0a-4fb960821e05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12173 – Master Slider < 3.10.5 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-12173
29 Jan 2025 — The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.10.0 due to insufficient input sanitization... • https://wpscan.com/vulnerability/0f35be0e-0f63-4e33-aa4d-c47b1f1e0595 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13627 – WP Touch Slider <= 2.2 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13627
27 Jan 2025 — The OWL Carousel Slider WordPress plugin through 2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The OWL Carousel Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web... • https://wpscan.com/vulnerability/f7e425a1-ae49-4ea6-abe4-42ba2713af8f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-13224 – SlideDeck 1 Lite Content Slider <= 1.4.8 - Reflected XSS
https://notcve.org/view.php?id=CVE-2024-13224
10 Jan 2025 — The SlideDeck 1 Lite Content Slider WordPress plugin through 1.4.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. The SlideDeck 1 Lite Content Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.4.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attac... • https://wpscan.com/vulnerability/32a90907-e82f-41b3-b20e-d10a722e2999 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •