VYPR

Carousel Slider

by WordPress

Source repositories

CVEs (7)

  • CVE-2024-4372MedMay 21, 2024
    risk 0.35cvss 5.4epss 0.00

    The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks

  • CVE-2023-41848MedDec 13, 2024
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carousel Slider: from n/a through 2.2.2.

  • CVE-2024-6850MedSep 13, 2024
    risk 0.31cvss 4.8epss 0.00

    The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

  • CVE-2024-3703MedMay 3, 2024
    risk 0.31cvss 4.7epss 0.01

    The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site…

  • CVE-2024-1712MedApr 15, 2024
    risk 0.31cvss 4.7epss 0.00

    The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2024-45270MedSep 2, 2024
    risk 0.28cvss 4.3epss 0.00

    WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the…

  • CVE-2024-45269MedSep 2, 2024
    risk 0.21cvss 4.3epss 0.00

    WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the…