Metaslider

CVEs (4)

• CVE-2026-39465CriJun 15, 2026
  WordPress

  Metaslider
  risk 0.59cvss 9.1epss —

  Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions.

• CVE-2025-5337Jun 14, 2025
  WordPress

  Metaslider
  risk 0.00cvss —epss 0.00

  The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘aria-label’ parameter in all versions up to, and including, 3.98.0 due to insufficient input sanitization and output escaping. This makes it possible…

• CVE-2022-2823Oct 10, 2022
  WordPress

  Metaslider
  risk 0.00cvss —epss 0.00

  The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html…

• CVE-2014-4846Jul 10, 2014
  WordPress

  Metaslider
  risk 0.00cvss —epss 0.00

  Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to wp-admin/admin.php.