cleantalk
Vulnerabilities and Security Researches

Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows, CVE-2025-5337

CVE, Research URL

CVE-2025-5337

Home page URL

Security reports for Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows

Application

Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows

Published on
Jun 14, 2025
Research Description
The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘aria-label’ parameter in all versions up to, and including, 3.98.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 3.99.0.
Status
vulnerable
Previous vulnerability researches
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows (CVE-2025-5337) , Jun 15, 2025
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows (CVE-2025-1203) , May 08, 2025
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows (CVE-2025-1062) , May 08, 2025
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows (CVE-2025-24533) , Jan 28, 2025
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows (CVE-2025-26763) , Feb 21, 2025
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025