cleantalk
Vulnerabilities and Security Researches

Master Slider – Responsive Touch Slider, CVE-2024-0611

CVE, Research URL

CVE-2024-0611

Home page URL

Security reports for Master Slider – Responsive Touch Slider

Application

Master Slider – Responsive Touch Slider

Published on
Mar 02, 2024
Research Description
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.5. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 3.9.9.
Status
vulnerable
Previous vulnerability researches
Master Slider – Responsive Touch Slider (CVE-2024-37222) , Jun 21, 2024
Master Slider – Responsive Touch Slider (CVE-2024-6490) , Jul 28, 2024
Master Slider – Responsive Touch Slider (CVE-2025-39412) , Apr 29, 2025
Master Slider – Responsive Touch Slider (CVE-2023-50900) , Jul 22, 2024
Master Slider – Responsive Touch Slider (CVE-2024-12173) , Feb 21, 2025
New vulnerability
My Tickets (CVE-2025-3761) , Apr 29, 2025
Mang Board WP (CVE-2025-3435) , Apr 29, 2025
Church Admin (CVE-2025-39553) , Apr 29, 2025
Ocean Extra (CVE-2025-3457) , Apr 29, 2025
Ocean Extra (CVE-2025-3458) , Apr 29, 2025