Vulnerabilities and security researches forpost-carousel-slider-for-elementor post-carousel-slider-for-elementor

Jun 30, 2025

CVE, Research URL: CVE-2025-3863
Home page URL: Security reports for Post Carousel Slider for Elementor
Application: Post Carousel Slider for Elementor
Date: Jun 26, 2025
Research Description: The Post Carousel Slider for Elementor plugin for WordPress is vulnerable to improper authorization due to a missing capability check on the process_wbelps_promo_form() function in all versions up to, and including, 1.6.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to trigger the plugin’s support‐form handler to send arbitrary emails to the site’s support address.
Affected versions: Min -, max -.
Status: vulnerable

Dec 02, 2024

CVE, Research URL: CVE-2024-53749
Home page URL: Security reports for Post Carousel Slider for Elementor
Application: Post Carousel Slider for Elementor
Date: Dec 01, 2024
Research Description: Post Carousel Slider for Elementor [post-carousel-slider-for-elementor] <= 1.4.0 (unfixed) CVE-2024-53749 [en] Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Post Carousel Slider for Elementor allows Stored XSS.This issue affects Post Carousel Slider for Elementor: from n/a through 1.4.0.
Affected versions: Min -, max -.
Status: vulnerable