CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-24681 – WordPress Product Carousel Slider & Grid Ultimate for WooCommerce Plugin <= 1.10.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-24681
24 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce allows Stored XSS. This issue affects Product Carousel Slider & Grid Ultimate for WooCommerce: from n/a through 1.10.0. The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.10.0 due to insufficient input sanitization and output escapin... • https://patchstack.com/database/wordpress/plugin/woo-product-carousel-slider-and-grid-ultimate/vulnerability/wordpress-product-carousel-slider-grid-ultimate-for-woocommerce-plugin-1-10-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-44048 – WordPress Product Carousel Slider & Grid Ultimate for WooCommerce plugin <= 1.9.10 - Authenticated Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-44048
16 Sep 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce allows PHP Local File Inclusion.This issue affects Product Carousel Slider & Grid Ultimate for WooCommerce: from n/a through 1.9.10. The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10. This makes it possible for authenticated attackers, with... • https://patchstack.com/database/vulnerability/woo-product-carousel-slider-and-grid-ultimate/wordpress-product-carousel-slider-grid-ultimate-for-woocommerce-plugin-1-9-10-authenticated-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •