
CVE-2025-4567 – Post Slider and Carousel with Widget < 3.2.10 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-4567
13 May 2025 — The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin setti... • https://wpscan.com/vulnerability/b8a50ae9-40c4-42f8-9342-2440d3bc12bb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-10144 – Photo Gallery, Images, Slider in Rbs Image Gallery < 3.2.22 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10144
11 Mar 2025 — The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery Settings in all versions up to, and including, ... • https://wpscan.com/vulnerability/a83521d3-0aba-493d-8dec-e764277e69b8 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-11109 – WP Google Review Slider < 15.6 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-11109
03 Mar 2025 — The WP Google Review Slider WordPress plugin before 15.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The WP Google Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 15.5 due to insufficient input sanitization and output escaping.... • https://wpscan.com/vulnerability/93619da1-a8d6-43b6-b1be-8d50ab6f29f7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-13384 – Photo Gallery, Images, Slider in Rbs Image Gallery < 3.2.24 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-13384
03 Mar 2025 — The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.24 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.23 d... • https://wpscan.com/vulnerability/f65d8a83-6ce8-40be-8633-deffd555c349 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-10565 – Slider by 10Web < 1.2.62 - Admin+ Stored XSS via Widget
https://notcve.org/view.php?id=CVE-2024-10565
03 Mar 2025 — The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via widget settings in all versions up to, and including, 1.2.61 due to insufficient input sanitization and o... • https://wpscan.com/vulnerability/4ef05302-a6ca-4816-ab0d-a4e3bf7a5e22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-10566 – Slider by 10Web < 1.2.62 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10566
03 Mar 2025 — The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.61 due to insufficient input sanitization and ou... • https://wpscan.com/vulnerability/a98a7f11-4c01-4b91-8adc-465beefa310a • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-0717 – Social Slider Feed < 2.2.9 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-0717
03 Mar 2025 — To exploit the vulnerability, it is necessary: The Social Slider Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and inst... • https://wpscan.com/vulnerability/31f734fc-d474-46b3-98eb-04761cab8878 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-1062 – Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-1062
02 Mar 2025 — The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and incl... • https://wpscan.com/vulnerability/657b355b-e38f-46d6-b574-7ce736d25f31 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-1203 – Slider, Gallery, Carousel by MetaSlider < 3.95.0 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2025-1203
02 Mar 2025 — The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and inc... • https://wpscan.com/vulnerability/fca0b129-3299-46d6-9231-ca5afd2fdb66 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-10149 – Social Slider Feed < 2.2.9 - Admin+ Stored XSS via Widgets
https://notcve.org/view.php?id=CVE-2024-10149
25 Feb 2025 — The Social Slider Feed WordPress plugin before 2.2.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Social Slider Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2.8 due to insufficient input sanitization and output escaping. This ma... • https://wpscan.com/vulnerability/1619dc4b-4e5e-4b82-820b-3c4e732db3ad • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •