Vulnerabilities and security researches forcrelly-slider crelly-slider

Jun 07, 2024

CVE, Research URL: CVE-2024-3752
Home page URL: Security reports for Crelly Slider
Application: Crelly Slider
Date: May 06, 2024
Research Description: The Crelly Slider WordPress plugin through 1.4.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: max 1.4.6.
Status: vulnerable

CVE, Research URL: CVE-2019-15866
Home page URL: Security reports for Crelly Slider
Application: Crelly Slider
Date: Sep 03, 2019
Research Description: The crelly-slider plugin before 1.3.5 for WordPress has arbitrary file upload via a PHP file inside a ZIP archive to wp_ajax_crellyslider_importSlider.
Affected versions: max 1.3.5.
Status: vulnerable

CVE, Research URL: CVE-2024-33542
Home page URL: Security reports for Crelly Slider
Application: Crelly Slider
Date: Apr 29, 2024
Research Description: Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider.This issue affects Crelly Slider: from n/a through 1.4.5.
Affected versions: max 1.4.6.
Status: vulnerable

Jan 29, 2025

CVE, Research URL: CVE-2024-13116
Home page URL: Security reports for Crelly Slider
Application: Crelly Slider
Date: Jan 27, 2025
Research Description: The Crelly Slider WordPress plugin before 1.4.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: max 1.4.7.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: f4ed15eda2d328c370f89897d7101137944dcdfb
Home page URL: Security reports for Crelly Slider
Application: Crelly Slider
Date: Jun 11, 2019
Research Description: Crelly Slider [crelly-slider] < 1.3.5 WordPress Crelly Slider plugin <= 1.3.4 - Arbitrary File Upload vulnerability Arbitrary File Upload vulnerability found by NinTechNet in WordPress Crelly Slider plugin (versions <= 1.3.4).
Affected versions: max 1.3.5.
Status: vulnerable

CVE, Research URL: 317d0c1690e157db08672ce6e5d57d3de655f951
Home page URL: Security reports for Crelly Slider
Application: Crelly Slider
Date: Jun 05, 2017
Research Description: Crelly Slider [crelly-slider] < 1.1.2 Crelly Slider <= 1.1.1 - SQL Injection The Crelly Slider plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter found in the ~/wordpress/admin.php file in versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrative privileges to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 1.1.2.
Status: vulnerable