Crelly Slider

crelly_slider

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-13116 1Crelly Slider Project 1Crelly Slider May 13, 2025 Jan 27, 2025 N/A· v4 3.8 LOW· v3 N/A· v2 The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilte...Show more The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-3752 1Crelly Slider Project 1Crelly Slider May 8, 2025 May 6, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilt...Show more The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less
CVE-2024-33542 1Crelly Slider Project 1Crelly Slider Sep 29, 2025 Apr 29, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider.This issue affects Crelly Slider: from n/a through 1.4.5.
CVE-2019-15866 1Crelly Slider Project 1Crelly Slider Nov 21, 2024 Sep 3, 2019 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.