Vulnerabilities > Averta > Master Slider > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-06-18 CVE-2024-4375 Cross-site Scripting vulnerability in Averta Master Slider 3.2.7/3.5.1/3.9.10
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_layer' shortcode in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the 'css_id' user supplied attribute.
network
low complexity
averta CWE-79
5.4
5.4
2024-06-01 CVE-2023-6382 Cross-site Scripting vulnerability in Averta Master Slider
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'css_class' attribute.
network
low complexity
averta CWE-79
5.4
5.4
2024-05-21 CVE-2024-4470 Cross-site Scripting vulnerability in Averta Master Slider
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide_info' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'tag_name' attribute.
network
low complexity
averta CWE-79
5.4
5.4
2024-03-02 CVE-2024-0611 Cross-site Scripting vulnerability in Averta Master Slider
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.5.
network
low complexity
averta CWE-79
4.8
4.8
2024-03-02 CVE-2024-1449 Cross-site Scripting vulnerability in Averta Master Slider
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slide shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
averta CWE-79
5.4
5.4
2024-03-02 CVE-2023-6326 Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.3.
network
low complexity
averta CWE-352
4.3
4.3
2023-11-16 CVE-2023-47508 Unspecified vulnerability in Averta Master Slider 3.2.7/3.5.1
Unauth.
network
low complexity
averta
6.1
6.1
2018-12-23 CVE-2018-20368 Cross-site Scripting vulnerability in Averta Master Slider 3.2.7/3.5.1
The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback.
network
low complexity
averta CWE-79
5.4
5.4