CVE-2025-6348
- EPSS 0.03%
- Veröffentlicht 30.07.2025 08:23:02
- Zuletzt bearbeitet 31.07.2025 18:42:37
The Smart Slider 3 plugin for WordPress is vulnerable to time-based SQL Injection via the ‘sliderid’ parameter in all versions up to, and including, 3.5.1.28 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati...
CVE-2024-3027
- EPSS 0.12%
- Veröffentlicht 13.04.2024 02:15:06
- Zuletzt bearbeitet 21.11.2024 09:28:42
The Smart Slider 3 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the upload function in all versions up to, and including, 3.5.1.22. This makes it possible for authenticated attackers, wi...
CVE-2021-24382
- EPSS 0.42%
- Veröffentlicht 14.06.2021 14:15:09
- Zuletzt bearbeitet 21.11.2024 05:52:57
The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected f...