cleantalk
Vulnerabilities and Security Researches

Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows, CVE-2025-1203

CVE, Research URL

CVE-2025-1203

Home page URL

Security reports for Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows

Application

Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows

Published on
Mar 24, 2025
Research Description
The Slider, Gallery, and Carousel by MetaSlider WordPress plugin before 3.95.0 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions
Min -, max 3.95.0.
Status
vulnerable
Previous vulnerability researches
Labinator Content Types Duplicator (CVE-2025-31809) , Apr 03, 2025
Theme Duplicator (CVE-2025-31845) , Apr 03, 2025
WP Bulk Post Duplicator (CVE-2025-28884) , Mar 13, 2025
Multisite Post Duplicator (CVE-2016-10944) , Jun 07, 2024
Theme File Duplicator (CVE-2025-27283) , Feb 27, 2025
New vulnerability
Drag and Drop Multiple File Upload for WooCommerce (CVE-2025-4403) , May 11, 2025
Contact Us By Lord Linus (CVE-2025-1382) , May 11, 2025
Contact Form by WPForms – Drag & Drop Form Builder for WordPress (CVE-2025-3794) , May 10, 2025
Jeg Elementor Kit (CVE-2025-2944) , May 10, 2025
1 Click WordPress Migration Plugin – 100% FREE for a limited time (CVE-2025-3455) , May 10, 2025