cleantalk
Vulnerabilities and Security Researches

Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows, 47cffe4183ad23100c37289a218fe346e5af7c86

CVE, Research URL

47cffe4183ad23100c37289a218fe346e5af7c86

Home page URL

Security reports for Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows

Application

Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows

Published on
Mar 20, 2023
Research Description
Slider, Gallery, and Carousel by MetaSlider &#8211; Image Slider, Video Slider [ml-slider] < 3.29.1 Slider, Gallery, and Carousel by MetaSlider <= 3.29.0 - Reflected Cross-Site Scripting The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 3.29.1.
Status
vulnerable
Previous vulnerability researches
Elizaibots (CVE-2025-49893) , Aug 20, 2025
Elizaibots (abcf8d2a13b3fd2324a04f9724e5ac9347743677) , Jun 16, 2026
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar &#8211; Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026