VYPR

Woo Product Carousel Slider And Grid Ultimate

by WordPress

Source repositories

CVEs (4)

  • CVE-2024-12040HigDec 12, 2024
    risk 0.50cvss 8.8epss 0.01

    The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `wcpcsu` shortcode. This makes it possible for authenticated attackers, with…

  • CVE-2024-44048MedSep 23, 2024
    risk 0.42cvss 6.5epss 0.01

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce woo-product-carousel-slider-and-grid-ultimate.This issue affects Product Carousel Slider & Grid…

  • CVE-2025-24681MedJan 24, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWax Product Carousel Slider & Grid Ultimate for WooCommerce woo-product-carousel-slider-and-grid-ultimate allows Stored XSS.This issue affects Product Carousel Slider & Grid…

  • CVE-2022-1266Jun 20, 2022
    risk 0.00cvss epss 0.01

    The Post Grid, Slider & Carousel Ultimate WordPress plugin before 1.5.0 does not sanitise and escape the Header Title, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.