cleantalk
Vulnerabilities and Security Researches

Depicter Slider – Responsive Image Slider, Video Slider & Post Slider, CVE-2025-11373

CVE, Research URL

CVE-2025-11373

Home page URL

Security reports for Depicter Slider – Responsive Image Slider, Video Slider & Post Slider

Application

Depicter Slider – Responsive Image Slider, Video Slider & Post Slider

Published on
Nov 05, 2025
Research Description
The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability checks in the "depicter-media-upload" AJAX route in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload limited files on the affected site's server.
Affected versions
max 4.0.5.
Status
vulnerable
Previous vulnerability researches
WP Statistics (CVE-2025-9816) , Nov 10, 2025
WP Statistics , May 27, 2025
WP Statistics (CVE-2025-55716) , Aug 16, 2025
WP Statistics (CVE-2022-25149) , Jun 07, 2024
WP Statistics (CVE-2022-25307) , Jun 07, 2024
New vulnerability
Centangle-Team (CVE-2025-12456) , Nov 11, 2025
TablePress – Tables in WordPress made easy (CVE-2025-12324) , Nov 11, 2025
WP User Manager – User Profile Builder & Membership (CVE-2025-60245) , Nov 11, 2025
Auto Featured Image (Auto Post Thumbnail) (CVE-2025-10145) , Nov 11, 2025
Digiseller (CVE-2025-10141) , Nov 11, 2025