VYPR

Master Slider

by WordPress

CVEs (19)

  • CVE-2024-32600HigApr 18, 2024
    risk 0.54cvss 8.3epss 0.00

    Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.5.

  • CVE-2024-37222HigJun 20, 2024
    risk 0.46cvss 7.1epss 0.00

    Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through 3.10.0.

  • CVE-2026-48968MedMay 27, 2026
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows DOM-Based XSS. This issue affects Master Slider: from n/a through 3.10.8.

  • CVE-2025-58025MedSep 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Master Slider master-slider allows Stored XSS.This issue affects Master Slider: from n/a through <= 3.11.0.

  • CVE-2024-13757MedMar 5, 2025
    risk 0.42cvss 6.4epss 0.00

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_layer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-6490MedJul 26, 2024
    risk 0.42cvss 6.5epss 0.00

    During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10.

  • CVE-2023-6382MedJun 1, 2024
    risk 0.42cvss 6.4epss 0.00

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-32580MedApr 18, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows Stored XSS.This issue affects Master Slider: from n/a through 3.9.8.

  • CVE-2025-5291MedJun 17, 2025
    risk 0.35cvss 6.4epss 0.00

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's masterslider_pb and ms_slide shortcodes in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping on…

  • CVE-2024-11731MedMar 5, 2025
    risk 0.35cvss 6.4epss 0.00

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slider shortcode in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-4375MedJun 18, 2024
    risk 0.35cvss 6.4epss 0.00

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user…

  • CVE-2024-4470MedMay 21, 2024
    risk 0.35cvss 6.4epss 0.00

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide_info' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied…

  • CVE-2024-1449MedMar 2, 2024
    risk 0.35cvss 6.4epss 0.00

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slide shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'src' user supplied…

  • CVE-2018-20368MedDec 23, 2018
    risk 0.35cvss 5.4epss 0.01

    The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback.

  • CVE-2024-0611MedMar 2, 2024
    risk 0.29cvss 4.4epss 0.01

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers, with editor-level access, to…

  • CVE-2025-39412MedMay 19, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in averta Master Slider master-slider.This issue affects Master Slider: from n/a through <= 3.11.0.

  • CVE-2023-50900MedJun 19, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.10.

  • CVE-2023-6326MedMar 2, 2024
    risk 0.28cvss 5.4epss 0.00

    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.10. This is due to missing or incorrect nonce validation on the 'process_bulk_action' function. This makes it possible for…

  • CVE-2024-12173LowFeb 19, 2025
    risk 0.23cvss 3.5epss 0.00

    The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example…