CVE-2025-6348
- EPSS 0.03%
- Veröffentlicht 30.07.2025 08:23:02
- Zuletzt bearbeitet 31.07.2025 18:42:37
The Smart Slider 3 plugin for WordPress is vulnerable to time-based SQL Injection via the ‘sliderid’ parameter in all versions up to, and including, 3.5.1.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
CVE-2024-3027
- EPSS 0.12%
- Veröffentlicht 13.04.2024 02:15:06
- Zuletzt bearbeitet 21.11.2024 09:28:42
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, wi...
CVE-2022-45845
- EPSS 0.39%
- Veröffentlicht 19.01.2024 15:15:08
- Zuletzt bearbeitet 21.11.2024 07:29:49
Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9.
CVE-2023-0660
- EPSS 0.16%
- Veröffentlicht 27.03.2023 16:15:09
- Zuletzt bearbeitet 19.02.2025 19:15:12
The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and ...
CVE-2022-45843
- EPSS 0.19%
- Veröffentlicht 23.03.2023 12:15:12
- Zuletzt bearbeitet 21.11.2024 07:29:49
Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin <= 3.5.1.9 versions.
CVE-2022-3357
- EPSS 27.11%
- Veröffentlicht 31.10.2022 16:15:11
- Zuletzt bearbeitet 06.05.2025 21:15:52
The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user import (intentionally or not) a malicious file, and a suitable gadget chain is present on th...