Carousel Slider

carousel_slider

Vendor: Majeedraza • 7 CVEs

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-41848 1Majeedraza 1Carousel Slider Jun 17, 2026 Dec 13, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carousel Slider: from n/a through 2.2.2.
CVE-2024-6850 1Majeedraza 1Carousel Slider Jun 17, 2026 Sep 13, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_htm...Show more The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowedShow less
CVE-2024-45270 1Majeedraza 1Carousel Slider Jun 17, 2026 Sep 2, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled,...Show more WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.Show less
CVE-2024-45269 1Majeedraza 1Carousel Slider Jun 17, 2026 Sep 2, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabl...Show more WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.Show less
CVE-2024-4372 1Majeedraza 1Carousel Slider Jun 17, 2026 May 21, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks
CVE-2024-3703 1Majeedraza 1Carousel Slider Jun 17, 2026 May 3, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users w...Show more The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacksShow less
CVE-2024-1712 1Majeedraza 1Carousel Slider Jun 17, 2026 Apr 15, 2024 N/A· v4 4.7 MEDIUM· v3 N/A· v2 The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfil...Show more The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)Show less