Vulnerabilities and security research for ml-slider
Jun 06, 2024
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # CVE-2014-4846
- Date: Jul 10, 2014
- Research Description: Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to wp-admin/admin.php.
- Affected versions: max 2.6.
- Status: vulnerable
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # CVE-2022-2823
- Date: Oct 11, 2022
- Research Description: The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.27.9 does not sanitise and escape some of its Gallery Image parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions: max 3.27.9.
- Status: vulnerable
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # CVE-2023-1473
- Date: Apr 17, 2023
- Research Description: The Slider, Gallery, and Carousel by MetaSlider WordPress plugin 3.29.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
- Affected versions: max 3.29.1.
- Status: vulnerable
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # CVE-2024-3285
- Date: Apr 11, 2024
- Research Description: The Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'metaslider' shortcode in all versions up to, and including, 3.70.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions: max 3.70.1.
- Status: vulnerable
Jan 28, 2025
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # CVE-2025-24533
- Date: Jan 27, 2025
- Research Description: Cross-Site Request Forgery (CSRF) vulnerability in MetaSlider Responsive Slider by MetaSlider ml-slider allows Cross Site Request Forgery. This issue affects Responsive Slider by MetaSlider: from n/a through <= 3.92.0.
- Affected versions: max 3.92.1.
- Status: vulnerable
Feb 21, 2025
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # CVE-2025-26763
- Date: Feb 22, 2025
- Research Description: Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider ml-slider allows Object Injection. This issue affects Responsive Slider by MetaSlider: from n/a through <= 3.94.0.
- Affected versions: max 3.95.0.
- Status: vulnerable
May 08, 2025
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # CVE-2025-1203
- Date: Mar 24, 2025
- Research Description: The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions: max 3.95.0.
- Status: vulnerable
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # CVE-2025-1062
- Date: Mar 24, 2025
- Research Description: The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
- Affected versions: max 3.95.0.
- Status: vulnerable
Jun 15, 2025
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # CVE-2025-5337
- Date: Jun 14, 2025
- Research Description: The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘aria-label’ parameter in all versions up to, and including, 3.98.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions: max 3.99.0.
- Status: vulnerable
Apr 22, 2026
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # CVE-2026-39467
- Date: Apr 21, 2026
- Research Description: Deserialization of Untrusted Data vulnerability in MetaSlider Responsive Slider by MetaSlider allows Object Injection. This issue affects Responsive Slider by MetaSlider: from n/a through 3.106.0.
- Affected versions: max 3.107.0.
- Status: vulnerable
May 01, 2026
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # CVE-2026-39465
- Date: Jun 16, 2026
- Research Description: Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions.
- Affected versions: max 3.107.0.
- Status: vulnerable
Jun 14, 2026
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # CVE-2022-47150
- Date: Jun 11, 2026
- Research Description: Cross-Site request forgery (CSRF) vulnerability in weDevs WooCommerce Conversion Tracking allows Cross Site Request Forgery. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.10.
- Affected versions: max 3.28.1.
- Status: vulnerable
Jun 16, 2026
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # 9507b16394ebe9e6ca301dfc53534fa4863471a4
- Date: Aug 28, 2020
- Research Description: Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider [ml-slider] < 3.17.2. Slider, Gallery, and Carousel by MetaSlider <= 3.17.1 - Authenticated Stored Cross-Site Scripting. The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross Site Scripting in versions up to, and including, 3.17.1. The patch adds extra filtering of captions using HTML Purifier where there appeared to be a stored cross-site scripting vulnerability to accounts with sufficient privileges.
- Affected versions: max 3.17.2.
- Status: vulnerable
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # 09890bbf-f385-4614-a91b-e52a71f55f4f
- Date: -
- Research Description: Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider [ml-slider] < 2.2. Meta Slider 2.1.6 - Multiple Full Path Disclosure. The Responsive Slider by MetaSlider – Slider and Carousel Plugin for WordPress WordPress plugin was affected by a Multiple Full Path Disclosure security vulnerability.
- Affected versions: max 2.2.
- Status: vulnerable
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # 151ec256-7c21-40db-84cb-d8b68f5c4973
- Date: -
- Research Description: Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider [ml-slider] < 3.17.2. MetaSlider < 3.17.2 - Authenticated Stored Cross-Site Scripting (XSS). Vishnupriya Ilango, from Fortinet's FortiGuard Lab, discovered a stored Cross-Site Scripting (XSS) vulnerability in Metaslider plugin (v3.17.1), which exists in Image caption or description parameter in the slide creation module.
- Affected versions: max 3.17.2.
- Status: vulnerable
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # db37be5c6273b7fbca2994a50a5bae946ab9debc
- Date: Sep 17, 2020
- Research Description: Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider [ml-slider] < 3.17.2. WordPress Responsive Slider by MetaSlider plugin <= 3.17.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability. Authenticated Stored Cross-Site Scripting (XSS) vulnerability found by Vishnupriya Ilango (Fortinet FortiGuard Labs) in WordPress Responsive Slider by MetaSlider plugin (versions <= 3.17.1).
- Affected versions: max 3.17.2.
- Status: vulnerable
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # 49240f72da5449e0485de70c9e41a1181f2df412
- Date: Mar 22, 2023
- Research Description: Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider [ml-slider] < 3.29.1. WordPress Meta Slider Plugin <= 3.29.0 is vulnerable to Cross Site Scripting (XSS). Update the WordPress Meta Slider plugin to the latest available version (at least 3.29.1). WordFence discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Meta Slider Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 3.29.1.
- Affected versions: max 3.29.1.
- Status: vulnerable
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # e6ff536041721a15fb67c2a2aa79733b7dc4814a
- Date: Oct 27, 2015
- Research Description: Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider [ml-slider] < 2.2. WordPress Meta Slider Plugin <= 2.1.6 - Full Path Disclosure. This plugin is prone to a full path disclosure vulnerability. Update the plugin.
- Affected versions: max 2.2.
- Status: vulnerable
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # e899f0cb8405cfd436770c7b0952476c4154b99c
- Date: Aug 01, 2014
- Research Description: Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider [ml-slider] < 2.2. Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 2.1.6 - Full Path Disclosure. The Meta Slider plugin for WordPress is vulnerable to full path disclosure in versions up to, and including, 2.1.6. This makes it possible for unauthenticated attackers to discover the path of folders and files hosted on a vulnerable system.
- Affected versions: max 2.2.
- Status: vulnerable
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows # 47cffe4183ad23100c37289a218fe346e5af7c86
- Date: Mar 20, 2023
- Research Description: Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider [ml-slider] < 3.29.1. Slider, Gallery, and Carousel by MetaSlider <= 3.29.0 - Reflected Cross-Site Scripting. The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
- Affected versions: max 3.29.1.
- Status: vulnerable