cleantalk
Vulnerabilities and Security Researches

Depicter Slider – Responsive Image Slider, Video Slider & Post Slider, CVE-2024-4389

CVE, Research URL

CVE-2024-4389

Home page URL

Security reports for Depicter Slider – Responsive Image Slider, Video Slider & Post Slider

Application

Depicter Slider – Responsive Image Slider, Video Slider & Post Slider

Published on
Aug 14, 2024
Research Description
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFile function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with contributor access or higher, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 3.1.2.
Status
vulnerable
Previous vulnerability researches
Depicter Slider – Responsive Image Slider, Video Slider & Post Slider (CVE-2022-47176) , Jun 10, 2024
Depicter Slider – Responsive Image Slider, Video Slider & Post Slider (CVE-2025-2011) , May 06, 2025
Depicter Slider – Responsive Image Slider, Video Slider & Post Slider (CVE-2024-4389) , Aug 14, 2024
Depicter Slider – Responsive Image Slider, Video Slider & Post Slider (CVE-2024-37414) , Jul 02, 2024
Depicter Slider – Responsive Image Slider, Video Slider & Post Slider (5681bf64ac905decaccd79b80186594d2daf14ee) , Jun 06, 2024
New vulnerability
Total Donations (CVE-2025-43837) , May 07, 2025
Syndicate Out (CVE-2025-43836) , May 07, 2025
Relevanssi – A Better Search (CVE-2025-4054) , May 07, 2025
Meta Keywords & Description (CVE-2025-46454) , May 07, 2025
Royal Elementor Addons and Templates (CVE-2024-12120) , May 07, 2025