Majeedraza Carousel Slider vulnerabilities

CVE-2023-41848 [MEDIUM] CWE-862 CVE-2023-41848: Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Con Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carousel Slider: from n/a through 2.2.2.

CVE-2024-6850 [MEDIUM] CWE-79 CVE-2024-6850: The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, The Carousel Slider WordPress plugin before 2.2.4 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed

CVE-2024-45269 [MEDIUM] CWE-352 CVE-2024-45269: WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vu WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.

CVE-2024-45270 [MEDIUM] CWE-352 CVE-2024-45270: WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vu WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.

CVE-2024-4372 [MEDIUM] CWE-79 CVE-2024-4372: The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, whi The Carousel Slider WordPress plugin before 2.2.11 does not sanitise and escape some parameters, which could allow users with a role as low as editor to perform Cross-Site Scripting attacks

CVE-2024-3703 [MEDIUM] CWE-79 CVE-2024-3703: The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide op The Carousel Slider WordPress plugin before 2.2.10 does not validate and escape some of its Slide options before outputting them back in the page/post where the related Slide shortcode is embed, which could allow users with the Editor role and above to perform Stored Cross-Site Scripting attacks

CVE-2024-1712 [MEDIUM] CWE-79 CVE-2024-1712: The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)