Averta Master Slider Responsive Touch Slider vulnerabilities

CVE-2025-5291 [MEDIUM] CWE-79 CVE-2025-5291: The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's masterslider_pb and ms_slide shortcodes in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wit

CVE-2024-13757 [MEDIUM] CWE-79 CVE-2024-13757: The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_layer shortcode in all versions up to, and including, 3.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level

CVE-2024-11731 [MEDIUM] CWE-79 CVE-2024-11731: The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slider shortcode in all versions up to, and including, 3.10.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-leve

CVE-2024-37222 [MEDIUM] CWE-79 CVE-2024-37222: Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue aff Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through 3.10.0.

CVE-2023-50900 [MEDIUM] CWE-352 CVE-2023-50900: Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider.This issue affects Master Sl Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.10.

CVE-2023-6382 [MEDIUM] CWE-79 CVE-2023-6382: The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'css_class' attribute. This makes it possible for authenticated attackers with contribu

CVE-2024-4470 [MEDIUM] CWE-79 CVE-2024-4470: The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide_info' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'tag_name' attribute. This makes it possible for authenticated attackers, with con

CVE-2024-0611 [MEDIUM] CWE-79 CVE-2024-0611: The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses

CVE-2024-1449 [MEDIUM] CWE-79 CVE-2024-1449: The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slide shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'src' user supplied attributes. This makes it possible for authenticated attackers with contributo