CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10566 – Slider by 10Web < 1.2.62 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10566
25 Mar 2025 — The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/a98a7f11-4c01-4b91-8adc-465beefa310a •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10565 – Slider by 10Web < 1.2.62 - Admin+ Stored XSS via Widget
https://notcve.org/view.php?id=CVE-2024-10565
25 Mar 2025 — The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). • https://wpscan.com/vulnerability/4ef05302-a6ca-4816-ab0d-a4e3bf7a5e22 •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-8283 – Slider by 10Web < 1.2.59 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-8283
09 Sep 2024 — The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.58 due to insufficient input sanitization and ou... • https://wpscan.com/vulnerability/a60aed55-c0a2-4912-8844-cdddf31d90b6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-7150 – Slider by 10Web – Responsive Image Slider <= 1.2.57 - Authenticated (Contributor+) SQL Injection via id Parameter
https://notcve.org/view.php?id=CVE-2024-7150
07 Aug 2024 — The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.2.57 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from th... • https://plugins.trac.wordpress.org/browser/slider-wd/tags/1.2.57/frontend/models/WDSModelSlider.php#L6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6408 – Slider by 10Web < 1.2.57 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-6408
10 Jul 2024 — The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed The Slider by 10Web plugin for WordPress is vulnerable to Stored Cross-Site Scripting via slider settings in all versions up to, and including, 1.2.56 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with e... • https://wpscan.com/vulnerability/31aaeffb-a752-4941-9d0f-1b374fbc7abb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-6026 – Slider by 10Web < 1.2.56 - Editor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-6026
20 Jun 2024 — The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks El complemento Slider by 10Web para WordPress anterior a 1.2.56 no sanitiza ni escapa a algunas de sus opciones de diapositivas, lo ... • https://wpscan.com/vulnerability/01609d84-e9eb-46a9-b2cc-fe7e0c982984 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-47155 – WordPress Slider by Supsystic Plugin <= 1.8.5 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47155
07 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Supsystic Slider by Supsystic plugin <= 1.8.5 versions. The Slider by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to invoke the function via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Cr... • https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-4-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4197 – Sliderby10Web < 1.2.53 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-4197
30 Nov 2022 — The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). El complemento Sliderby10Web de WordPress anterior a la versión 1.2.53 no sanitiza ni escapa algunas de sus configuraciones, lo que podría permitir a usuarios con privilegios elevados, como el administrador, realizar ataque... • https://wpscan.com/vulnerability/96818024-57ab-419d-bd46-7d2da98269e6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24132 – Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection
https://notcve.org/view.php?id=CVE-2021-24132
29 Sep 2020 — The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), or medium one such as Contributor+ (if "Role Options" is turn on for other users) to perform a SQL Injection attacks. El plugin Slider para 10Web WordPress, versiones anteriores a 1.2.36, en las funcionalidades bulk_action, export_full y save_slider_db del plugin, eran vulnerables, permitiendo a un usuario muy... • https://wpscan.com/vulnerability/c1f45000-6c16-4606-be80-1938a755af2c • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 2CVE-2016-1000121 – Huge IT Joomla Slider 1.0.9 XSS / SQL Injection
https://notcve.org/view.php?id=CVE-2016-1000121
27 Jul 2016 — XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension Vulnerabilidad de XSS y vulnerabilidad de inyección SQL en la extensión Huge IT Joomla Slider v1.0.9 Huge IT Joomla Slider extension version 1.0.9 suffers from cross site scripting and remote SQL injection vulnerabilities. • https://packetstorm.news/files/id/138076 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •