cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-8283,https://securityvulnerability.io/vulnerability/CVE-2024-8283,High Privilege Users Could Perform Cross-Site Scripting Attacks via Unfiltered HTML Setting,"The Slider by 10Web WordPress plugin prior to version 1.2.59 contains a flaw that fails to properly sanitize and escape various settings. This vulnerability permits users with high privileges, such as administrators, to execute Stored Cross-Site Scripting (XSS) attacks. This issue becomes particularly concerning in environments with constrained permissions, like multisite setups, where the unfiltered_html capability is disabled.",Wordpress,Slider By 10web,4.8,MEDIUM,0.00044999999227002263,false,,false,false,true,true,false,false,2024-09-30T06:00:06.824Z,0
CVE-2024-7150,https://securityvulnerability.io/vulnerability/CVE-2024-7150,Security Vulnerability in Responsive Image Slider Plugin Could Lead to SQL Injection,"The Slider by 10Web – Responsive Image Slider plugin for WordPress is exposed to a time-based SQL Injection vulnerability that affects all versions up to and including 1.2.57. This flaw stems from insufficient escaping of user-supplied parameters within the SQL query. Authenticated attackers with Contributor-level access or higher can exploit this vulnerability, allowing them to inject additional SQL queries into existing ones. Such an attack could lead to the unauthorized extraction of sensitive information from the database, posing significant risks to the integrity and confidentiality of the data stored.",Wordpress,Slider By 10web – Responsive Image Slider,8.8,HIGH,0.0007600000244565308,false,,false,false,false,,false,false,2024-08-08T05:31:46.098Z,0
CVE-2024-6408,https://securityvulnerability.io/vulnerability/CVE-2024-6408,Cross-Site Scripting Attacks via Unprepared Slider Titles,"The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed",Wordpress,Slider By 10web,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-31T06:00:03.358Z,0
CVE-2024-6026,https://securityvulnerability.io/vulnerability/CVE-2024-6026,Stored Cross-Site Scripting Attacks Vectored via 10Web Slider Plugin,"The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks",Wordpress,Slider By 10web,5.4,MEDIUM,0.00044999999227002263,false,,false,false,true,true,false,false,2024-07-11T06:00:04.304Z,0
CVE-2021-24132,https://securityvulnerability.io/vulnerability/CVE-2021-24132,Slider by 10Web < 1.2.36 - Multiple Authenticated SQL Injection,"The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), or medium one such as Contributor+ (if ""Role Options"" is turned on for other users) to perform SQL Injection attacks.",Wordpress,Slider By 10web,8.8,HIGH,0.002899999963119626,false,,false,false,false,,false,false,2021-03-18T14:57:48.000Z,0