Filtered by vendor Majeedraza Subscriptions
Total 4 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-1712 1 Majeedraza 1 Carousel Slider 2024-11-25 4.7 Medium
The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2024-6850 1 Majeedraza 1 Carousel Slider 2024-09-27 4.8 Medium
The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2024-45270 1 Majeedraza 1 Carousel Slider 2024-09-04 4.3 Medium
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.
CVE-2024-45269 1 Majeedraza 1 Carousel Slider 2024-09-04 4.3 Medium
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.