Vulnerabilities and security researches forslider-wd slider-wd

Jun 07, 2024

CVE, Research URL: CVE-2022-4197
Home page URL: Security reports for Sliderby10Web
Application: Sliderby10Web
Date: Dec 26, 2022
Research Description: The Sliderby10Web WordPress plugin before 1.2.53 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: max 1.2.53.
Status: vulnerable

CVE, Research URL: CVE-2021-24132
Home page URL: Security reports for Sliderby10Web
Application: Sliderby10Web
Date: Mar 18, 2021
Research Description: The Slider by 10Web WordPress plugin, versions before 1.2.36, in the bulk_action, export_full and save_slider_db functionalities of the plugin were vulnerable, allowing a high privileged user (Admin), or medium one such as Contributor+ (if "Role Options" is turn on for other users) to perform a SQL Injection attacks.
Affected versions: max 1.2.36.
Status: vulnerable

CVE, Research URL: CVE-2022-1320
Home page URL: Security reports for Sliderby10Web
Application: Sliderby10Web
Date: May 23, 2022
Research Description: The Sliderby10Web WordPress plugin before 1.2.52 does not properly sanitize and escape some of its settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Affected versions: max 1.2.52.
Status: vulnerable

CVE, Research URL: CVE-2024-32578
Home page URL: Security reports for Sliderby10Web
Application: Sliderby10Web
Date: Apr 18, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10Web Slider by 10Web allows Reflected XSS.This issue affects Slider by 10Web: from n/a through 1.2.54.
Affected versions: max 1.2.55.
Status: vulnerable

Jun 30, 2024

CVE, Research URL: CVE-2024-6026
Home page URL: Security reports for Sliderby10Web
Application: Sliderby10Web
Date: Jul 11, 2024
Research Description: The Slider by 10Web WordPress plugin before 1.2.56 does not sanitise and escape some of its Slide options, which could allow authenticated users with access to the Sliders (by default Administrator, however this can be changed via the Slider by 10Web WordPress plugin before 1.2.56's options) and the ability to add images (Editor+) to perform Stored Cross-Site Scripting attacks
Affected versions: max 1.2.56.
Status: vulnerable

Aug 02, 2024

CVE, Research URL: CVE-2024-6408
Home page URL: Security reports for Sliderby10Web
Application: Sliderby10Web
Date: Jul 31, 2024
Research Description: The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
Affected versions: max 1.2.57.
Status: vulnerable

Aug 09, 2024

CVE, Research URL: CVE-2024-7150
Home page URL: Security reports for Sliderby10Web
Application: Sliderby10Web
Date: Aug 08, 2024
Research Description: The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the 'id' parameter in all versions up to, and including, 1.2.57 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 1.2.58.
Status: vulnerable

Oct 02, 2024

CVE, Research URL: CVE-2024-8283
Home page URL: Security reports for Sliderby10Web
Application: Sliderby10Web
Date: Sep 30, 2024
Research Description: The Slider by 10Web WordPress plugin before 1.2.59 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: max 1.2.59.
Status: vulnerable

Mar 27, 2025

CVE, Research URL: CVE-2024-10565
Home page URL: Security reports for Sliderby10Web
Application: Sliderby10Web
Date: Mar 25, 2025
Research Description: The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: max 1.2.62.
Status: vulnerable

CVE, Research URL: CVE-2024-10566
Home page URL: Security reports for Sliderby10Web
Application: Sliderby10Web
Date: Mar 25, 2025
Research Description: The Slider by 10Web WordPress plugin before 1.2.62 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: max 1.2.62.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: c35af831bad5ffedbb22864b0901742357a86538
Home page URL: Security reports for Sliderby10Web
Application: Sliderby10Web
Date: Sep 29, 2020
Research Description: Slider by 10Web – Responsive Image Slider [slider-wd] < 1.2.36 WordPress Slider by 10Web plugin <= 1.2.35 - Multiple Authenticated SQL Injection (SQLi) vulnerabilities Multiple Authenticated SQL Injection (SQLi) vulnerabilities found by Nguyen Anh Tien in WordPress Slider by 10Web plugin (versions <= 1.2.35).
Affected versions: max 1.2.36.
Status: vulnerable

CVE, Research URL: b034a2d9a95ce88dee45df6eb6eeb30de3de591b
Home page URL: Security reports for Sliderby10Web
Application: Sliderby10Web
Date: -
Research Description: Slider by 10Web – Responsive Image Slider [slider-wd] < 1.2.53 WordPress Slider by 10Web Plugin <= 1.2.52 is vulnerable to Cross Site Scripting (XSS) Update the WordPress Slider by 10Web plugin to the latest available version (at least 1.2.53). zhangyunpei discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Slider by 10Web Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.2.53.
Affected versions: max 1.2.53.
Status: vulnerable