cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-12308,https://securityvulnerability.io/vulnerability/CVE-2024-12308,Stored Cross-Site Scripting Vulnerability in Logo Slider WordPress Plugin,"The Logo Slider WordPress plugin prior to version 4.6.0 exhibits a vulnerability where it fails to properly validate and escape shortcode attributes. This oversight can lead to attackers with contributor roles and above executing Stored Cross-Site Scripting (XSS) attacks by injecting malicious scripts into page or post content, potentially compromising site integrity and user security.",WordPress,Logo Slider,5.4,MEDIUM,0.01,false,,false,false,true,2025-02-24T06:00:02.000Z,true,false,false,,2025-02-24T06:00:02.865Z,0
CVE-2024-13314,https://securityvulnerability.io/vulnerability/CVE-2024-13314,"Stored Cross-Site Scripting Vulnerability in Carousel, Slider, Gallery by WP Carousel Plugin","The Carousel, Slider, Gallery by WP Carousel WordPress plugin prior to version 2.7.4 is vulnerable due to inadequate sanitization and escaping of certain settings. This flaw allows users with elevated privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks, even in environments where the unfiltered_html capability is restricted, such as multisite configurations. 
This vulnerability poses a significant risk for site integrity and user data security.",WordPress,"Carousel, Slider, Gallery By WP Carousel",3.5,LOW,0.0004299999854993075,false,,false,false,true,2025-02-21T06:00:05.000Z,true,false,false,,2025-02-21T06:00:05.306Z,0
CVE-2024-12173,https://securityvulnerability.io/vulnerability/CVE-2024-12173,Stored Cross-Site Scripting in Master Slider WordPress Plugin,"The Master Slider WordPress plugin prior to version 3.10.5 is susceptible to stored cross-site scripting vulnerabilities due to improper sanitization and escaping of its settings. This flaw can be exploited by users with high privileges, such as Editors and above, potentially allowing them to execute scripts in the context of affected pages, leading to unauthorized access or data leakage, even in configurations where the unfiltered_html capability is restricted.",WordPress,Master Slider,3.5,LOW,0.0004299999854993075,false,,false,false,true,2025-02-19T06:00:03.000Z,true,false,false,,2025-02-19T06:00:03.134Z,0
CVE-2024-13627,https://securityvulnerability.io/vulnerability/CVE-2024-13627,Reflected Cross-Site Scripting Vulnerability in OWL Carousel Slider Plugin by WordPress,"The OWL Carousel Slider plugin for WordPress, up to version 2.2, contains a vulnerability that allows for reflected cross-site scripting. This occurs because the plugin fails to properly sanitize and escape a specific parameter when it is outputted back to the page. Attackers can exploit this flaw, potentially targeting high privilege users, such as administrators, to execute malicious scripts within the context of the affected site. 
Website administrators are strongly urged to update to the latest version of the plugin to mitigate risks.",WordPress,Owl Carousel Slider,4.7,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-17T06:00:09.000Z,true,false,false,,2025-02-17T06:00:09.408Z,0
CVE-2024-13224,https://securityvulnerability.io/vulnerability/CVE-2024-13224,Reflected XSS Vulnerability in SlideDeck 1 Lite Content Slider Plugin by WordPress,"The SlideDeck 1 Lite Content Slider plugin for WordPress, in versions up to 1.4.8, contains a vulnerability that allows an attacker to inject malicious scripts via a non-sanitized parameter. This unescaped output can lead to the execution of scripts in the context of a user's session, particularly affecting high privilege users such as administrators, thereby compromising the security of the WordPress site.",WordPress,Slidedeck 1 Lite Content Slider,6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-01-31T06:00:16.000Z,true,false,false,,2025-01-31T06:00:16.447Z,0
CVE-2024-13116,https://securityvulnerability.io/vulnerability/CVE-2024-13116,Stored Cross-Site Scripting in Crelly Slider WordPress Plugin by WP Development,"The Crelly Slider plugin for WordPress prior to version 1.4.7 is susceptible to Stored Cross-Site Scripting attacks due to the insufficient sanitization and escaping of certain settings. This vulnerability poses a risk primarily to high-privilege users, such as administrators, allowing them to execute malicious scripts even in environments where unfiltered HTML is restricted, like in multisite configurations. 
Proper security measures and plugin updates are essential to mitigate this risk.",WordPress,Crelly Slider,3.8,LOW,0.0004299999854993075,false,,false,false,true,2025-01-27T06:00:11.000Z,true,false,false,,2025-01-27T06:00:11.682Z,0
CVE-2024-12043,https://securityvulnerability.io/vulnerability/CVE-2024-12043,Stored Cross-Site Scripting Vulnerability in Prime Slider for WordPress,"The Prime Slider – Addons For Elementor plugin for WordPress is susceptible to a stored Cross-Site Scripting (XSS) vulnerability due to inadequate input sanitization and output escaping in the 'social_link_title' parameter of the 'blog' widget. This issue affects all versions up to and including 3.16.5, permitting authenticated users with Contributor-level access or higher to introduce malicious web scripts. These scripts can execute whenever other users access the manipulated pages, creating significant security risks and potential exploits.",Wordpress,"Prime Slider – Addons For Elementor (revolution Of A Slider, Hero Slider, Post Slider And Ecommerce Slider)",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-23T11:13:27.032Z,0
CVE-2024-11892,https://securityvulnerability.io/vulnerability/CVE-2024-11892,Stored Cross-Site Scripting in Accordion Slider Lite Plugin for WordPress,"The Accordion Slider Lite plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability through its 'accordion_slider' shortcode. This flaw arises from inadequate input sanitization and output escaping on attributes supplied by users. Authenticated attackers with contributor-level access can exploit this vulnerability to inject arbitrary web scripts into pages, which will execute whenever another user accesses the compromised page. 
This poses significant risks to website integrity and user safety.",Wordpress,Accordion Slider Lite,6.4,MEDIUM,0.0007200000109151006,false,,false,false,false,,false,false,false,,2025-01-11T07:21:53.872Z,0
CVE-2024-12532,https://securityvulnerability.io/vulnerability/CVE-2024-12532,Sensitive Information Exposure in BWD Elementor Addons Plugin for WordPress,"The BWD Elementor Addons plugin for WordPress contains a vulnerability in widgets/bwdeb-content-switcher.php that allows authenticated attackers with Contributor-level access and above to gain access to sensitive information. This includes private, pending, and draft template data, which could lead to potential data leakage or exploitation of user information. It is recommended that users of affected versions upgrade to the latest release to mitigate this risk.",Wordpress,"Bwd Elementor Addons (2500+ Presets, Meet The Team, Lottie, Lord Icon, Masking, WooCommerce, Theme Builder, Products, Blogs, Cv, Contact Form 7 Styler, Header, Slider, Hero Section)",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T11:11:11.537Z,0
CVE-2024-12624,https://securityvulnerability.io/vulnerability/CVE-2024-12624,Stored Cross-Site Scripting in Sina Extension for Elementor Plugin by WordPress,"The Sina Extension for Elementor plugin for WordPress has a vulnerability that permits stored Cross-Site Scripting (XSS) attacks through the Sina Image Differ widget. This flaw arises from inadequate input sanitization and output escaping on attributes supplied by users. As a result, authenticated attackers with contributor-level access or above can insert malicious web scripts into pages. 
These scripts execute whenever any user visits the affected page, potentially compromising user data and website integrity.",Wordpress,"Sina Extension For Elementor (slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates)",5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T06:40:56.716Z,0
CVE-2024-10102,https://securityvulnerability.io/vulnerability/CVE-2024-10102,Stored Cross-Site Scripting in Rbs Image Gallery Plugin for WordPress,"The Rbs Image Gallery plugin for WordPress, specifically versions prior to 3.2.22, lacks proper sanitization and escaping of certain Gallery settings. This oversight opens the door for high-privilege users, such as contributors, to carry out Stored Cross-Site Scripting (XSS) attacks. Successful exploitation could lead to the injection of malicious scripts, potentially compromising the security of the website and its users.",Wordpress,"Photo Gallery, Images, Slider In Rbs Image Gallery",,,0.0004299999854993075,false,,false,false,true,2025-01-07T06:00:02.000Z,true,false,false,,2025-01-07T06:00:02.472Z,0
CVE-2024-10536,https://securityvulnerability.io/vulnerability/CVE-2024-10536,Unauthorized Data Access in FancyPost Plugin for WordPress,"The FancyPost plugin for WordPress is susceptible to unauthorized access, enabling attackers with Subscriber-level access and above to exploit a missing capability check in the handle_block_shortcode_export() function. This oversight allows them to export sensitive shortcodes, potentially compromising user data. 
All versions of the plugin up to 6.0.0 are affected, highlighting the critical need for users to update and mitigate this security risk.",Wordpress,"Fancypost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-07T05:24:09.055Z,0
CVE-2024-11899,https://securityvulnerability.io/vulnerability/CVE-2024-11899,Stored Cross-Site Scripting Vulnerability in Slider Pro Lite Plugin for WordPress,"The Slider Pro Lite plugin for WordPress allows authenticated users with contributor-level access and above to exploit a vulnerability through the 'sliderpro' shortcode. This occurs due to insufficient input sanitization and output escaping for user-supplied attributes. Attackers can inject arbitrary web scripts, which execute whenever a user visits an affected page, potentially leading to the theft of sensitive information or other malicious activities.",Wordpress,Slider Pro Lite,6.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,false,,2025-01-07T03:21:58.788Z,0
CVE-2024-11878,https://securityvulnerability.io/vulnerability/CVE-2024-11878,Stored Cross-Site Scripting Vulnerability in Category Post Slider Plugin for WordPress,"CVE-2024-11878 identifies a stored cross-site scripting (XSS) vulnerability present in the Category Post Slider plugin for WordPress. This issue arises from inadequate input sanitization and output escaping within the plugin's 'category-post-slider' shortcode. As a result, authenticated attackers with contributor-level access or higher could exploit this vulnerability to inject arbitrary web scripts into affected pages. These scripts would execute whenever a user views the compromised page, potentially leading to unauthorized actions and exposure of sensitive information. 
Website administrators are strongly advised to update to the latest version of the plugin to mitigate this risk.",Wordpress,Category Post Slider,6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-12-20T06:59:11.219Z,0
CVE-2024-11108,https://securityvulnerability.io/vulnerability/CVE-2024-11108,Stored Cross-Site Scripting Vulnerability in Serious Slider Plugin for WordPress,"CVE-2024-11108 is a critical Stored Cross-Site Scripting (XSS) vulnerability found in the Serious Slider WordPress plugin prior to version 1.2.7. The flaw arises due to improper validation and escaping of certain shortcode attributes, allowing users with contributor permissions and higher to inject malicious scripts into web pages. This vulnerability poses a significant risk, as it can lead to unauthorized access, data theft, and manipulation of site content, compromising the integrity and security of affected WordPress installations.",Wordpress,Serious Slider,,,0.0004299999854993075,false,,false,false,true,2024-12-20T06:00:04.000Z,true,false,false,,2024-12-20T06:00:04.403Z,0
CVE-2024-11884,https://securityvulnerability.io/vulnerability/CVE-2024-11884,Arbitrary Web Script Injection Vulnerability in Wp Photo Text Slider 50 Plugin,"The Wp photo text slider 50 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-photo-slider' shortcode in all versions up to, and including, 8.1 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,WP Photo Text Slider 50,6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-12-14T04:23:48.591Z,0
CVE-2024-11770,https://securityvulnerability.io/vulnerability/CVE-2024-11770,Stored Cross-Site Scripting Vulnerability in Post Carousel & Slider Plugin,"The Post Carousel & Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-cs' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Post Carousel & Slider,6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-12-14T04:23:42.330Z,0
CVE-2024-11766,https://securityvulnerability.io/vulnerability/CVE-2024-11766,Stored Cross-Site Scripting Vulnerability in WordPress Book Plugin,"The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_book_showcase' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. 
This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"WordPress Book Plugin For Displaying Books In Grid, Flip, Slider, Popup Layout And More",6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-12-12T05:24:23.655Z,0
CVE-2024-11765,https://securityvulnerability.io/vulnerability/CVE-2024-11765,Stored Cross-Site Scripting vulnerability in WordPress Portfolio Plugin,"The WordPress Portfolio Plugin – A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_portfolio' shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"WordPress Portfolio Plugin – A Plugin For Making Filterable Portfolio Grid, Portfolio Slider And More",6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-12-12T05:24:21.216Z,0
CVE-2024-12040,https://securityvulnerability.io/vulnerability/CVE-2024-12040,Plugin Vulnerable to Local File Inclusion,"The Product Carousel Slider & Grid Ultimate plugin for WooCommerce is subject to a Local File Inclusion vulnerability that allows users with Contributor-level access or higher to include arbitrary files on the server through the 'theme' attribute in the `wcpcsu` shortcode. 
This vulnerability can lead to the execution of PHP code embedded in these files, enabling attackers to circumvent access controls, retrieve sensitive information, and exploit the system further by executing malicious code when non-traditional file types are uploaded.",Wordpress,Product Carousel Slider & Grid Ultimate For WooCommerce,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-12-12T05:24:19.745Z,0
CVE-2024-4633,https://securityvulnerability.io/vulnerability/CVE-2024-4633,Stored Cross-Site Scripting Vulnerability Affects Depicter Slider and Carousel Slider in WordPress,"The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘addExtraMimeType’ function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Slider & Popup Builder By Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel",6.4,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-12-06T13:45:20.274Z,0
CVE-2024-52461,https://securityvulnerability.io/vulnerability/CVE-2024-52461,Infinite Slider Vulnerable to Reflected Cross-site Scripting,"The Infinite Slider plugin developed by Kinsta for WordPress is exposed to a reflected cross-site scripting (XSS) vulnerability due to improper handling of user input during web page generation. This vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized actions and data theft. 
It affects all versions of the Infinite Slider plugin up to and including version 2.0.1, emphasizing the need for immediate updates and security measures.",Wordpress,Infinite Slider,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-02T13:49:04.947Z,0
CVE-2024-10896,https://securityvulnerability.io/vulnerability/CVE-2024-10896,Stored Cross-Site Scripting Vulnerability in WordPress Logo Slider Plugin,"The Logo Slider WordPress plugin, prior to version 4.5.0, contains a critical vulnerability due to inadequate sanitization and escaping of inputs in its Logo and Slider settings. This flaw allows attackers with high privileges, such as Contributors, to exploit the vulnerability by performing Stored Cross-Site Scripting (XSS) attacks. The consequence of such attacks could lead to unauthorized actions being executed on behalf of other users, potentially compromising the security of the entire WordPress site.",Wordpress,Logo Slider,,,0.0004299999854993075,false,,false,false,true,2024-11-28T06:00:12.000Z,true,false,false,,2024-11-28T06:00:12.112Z,0
CVE-2024-10473,https://securityvulnerability.io/vulnerability/CVE-2024-10473,Cross-Site Scripting Vulnerability in Logo Slider WordPress Plugin,"CVE-2024-10473 is a significant Cross-Site Scripting (XSS) vulnerability found in the Logo Slider WordPress plugin versions before 4.5.0. The vulnerability arises from improper sanitization and escaping of specific Logo Settings when they are rendered on pages containing the Logo Slider shortcode. This flaw enables users with minimal privileges, such as those with the Author role, to inject malicious scripts. If exploited, this may lead to unauthorized actions on behalf of users and compromise site security. 
It is crucial for website administrators to update to the latest version to mitigate the risks associated with this vulnerability.",Wordpress,Logo Slider,,,0.0004299999854993075,false,,false,false,true,2024-11-28T06:00:05.000Z,true,false,false,,2024-11-28T06:00:05.185Z,0
CVE-2024-11601,https://securityvulnerability.io/vulnerability/CVE-2024-11601,Cross-Site Request Forgery Vulnerability in Sky Addons for Elementor,"The Sky Addons for Elementor plugin for WordPress is prone to a Cross-Site Request Forgery vulnerability affecting all versions up to and including 2.6.1. This flaw arises from inadequate nonce validation within the save_options() function, which could allow an unauthenticated attacker to change arbitrary option values on a WordPress site through a malicious request. The attacker must trick a site administrator into clicking a link, thus enabling the execution of unauthorized actions. The vulnerability specifically impacts option values that can be saved as arrays.",Wordpress,"Sky Addons For Elementor (free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery)",8.1,HIGH,0.000539999979082495,false,,false,false,false,,,false,false,,2024-11-22T05:33:41.092Z,0