cleantalk
Vulnerabilities and Security Researches

Smart Slider 3, CVE-2021-24382

CVE, Research URL

CVE-2021-24382

Home page URL

Security reports for Smart Slider 3

Application

Smart Slider 3

Published on
Jun 14, 2021
Research Description
The Smart Slider 3 Free and pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesser privileged users to access the plugin's functionality, in which case, privilege escalation could be performed.
Affected versions
Min -, max 3.5.0.9.
Status
vulnerable
Previous vulnerability researches
Smart Slider 3 (CVE-2025-6348) , Aug 02, 2025
Smart Slider 3 (CVE-2024-3027) , Jun 07, 2024
Smart Slider 3 (CVE-2021-24382) , Jun 07, 2024
Smart Slider 3 (CVE-2022-3357) , Jun 07, 2024
Smart Slider 3 (CVE-2022-45845) , Jun 07, 2024
New vulnerability
Best Contact Management Software for WordPress (CVE-2025-8315) , Aug 06, 2025
oik (CVE-2025-54671) , Aug 06, 2025
StoreKeeper for WooCommerce (CVE-2025-48148) , Aug 06, 2025
Connector for Gravity Forms and Google Sheets (CVE-2025-54681) , Aug 06, 2025
AI Engine , Aug 06, 2025