VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 6 known issues Latest disclosed Aug 30, 2024

Carousel Slider Vulnerabilities

Review known vulnerability records for the WordPress plugin Carousel Slider (`carousel-slider`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2024-45269, CVE-2024-45270 and CVE-2024-6850, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
6
High or Critical
0
Patch Coverage
100%
Last Updated
Oct 04, 2024
Priority CVE Quick Links

Fast paths into Carousel Slider CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
6
CVE-2024-4372 Medium 2.2.11
CVE-2024-4372 Carousel Slider Stored Cross-Site Scripting

Carousel Slider <= 2.2.10 - Authenticated (Editor+) Stored Cross-Site Scripting

CVE-2024-6850 Medium 2.2.14
CVE-2024-6850 Carousel Slider Stored Cross-Site Scripting

Carousel Slider <= 2.2.13 - Authenticated (Editor+) Stored Cross-Site Scripting

CVE-2024-3703 Medium 2.2.10
CVE-2024-3703 Carousel Slider Stored Cross-Site Scripting

Carousel Slider <= 2.2.9 - Authenticated (Editor+) Stored Cross-Site Scripting

CVE-2024-45269 Medium 2.0.0
CVE-2024-45269 Carousel Slider Cross-Site Request Forgery

Carousel Slider <= 1.10.2 - Cross-Site Request Forgery

CVE-2024-45270 Medium 2.2.4
CVE-2024-45270 Carousel Slider Cross-Site Request Forgery

Carousel Slider <= 2.2.3 - Cross-Site Request Forgery

CVE-2023-41848 Medium 2.2.3
CVE-2023-41848 Carousel Slider Vulnerability

Carousel Slider <= 2.2.2 - Missing Authorization

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Carousel Slider so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
6 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 0 high severity findings.
Recent CVEs
CVE-2024-45269, CVE-2024-45270 and CVE-2024-6850
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Carousel Slider

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2024-45269
CVE-2024-45269: Carousel Slider <= 1.10.2 - Cross-Site Request Forgery

The Carousel Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.10.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to manipulate data from the...

Published
Aug 30, 2024
Patched Release
2.0.0
Affected Versions
Versions up to 1.10.2
Next Step
Update to 2.0.0 or newer if supported.
Open CVE-2024-45269 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-45270
CVE-2024-45270: Carousel Slider <= 2.2.3 - Cross-Site Request Forgery

The Carousel Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.3. This is due to missing or incorrect nonce validation on the add_slide_template() function. This makes it possible for unauthenticated attackers to add...

Published
Aug 30, 2024
Patched Release
2.2.4
Affected Versions
Versions up to 2.2.3
Next Step
Update to 2.2.4 or newer if supported.
Open CVE-2024-45270 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-6850
CVE-2024-6850: Carousel Slider <= 2.2.13 - Authenticated (Editor+) Stored Cross-Site Scripting

The Carousel Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via settings in all versions up to, and including, 2.2.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor-level permis...

Published
Aug 23, 2024
Patched Release
2.2.14
Affected Versions
Versions up to 2.2.13
Next Step
Update to 2.2.14 or newer if supported.
Open CVE-2024-6850 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-4372
CVE-2024-4372: Carousel Slider <= 2.2.10 - Authenticated (Editor+) Stored Cross-Site Scripting

The Carousel Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url view parameter in all versions up to, and including, 2.2.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

Published
Apr 30, 2024
Patched Release
2.2.11
Affected Versions
Versions up to 2.2.10
Next Step
Update to 2.2.11 or newer if supported.
Open CVE-2024-4372 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-3703
CVE-2024-3703: Carousel Slider <= 2.2.9 - Authenticated (Editor+) Stored Cross-Site Scripting

The Carousel Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via slide options settings in all versions up to, and including, 2.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with editor...

Published
Apr 12, 2024
Patched Release
2.2.10
Affected Versions
Versions up to 2.2.9
Next Step
Update to 2.2.10 or newer if supported.
Open CVE-2024-3703 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-41848
CVE-2023-41848: Carousel Slider <= 2.2.2 - Missing Authorization

The Carousel Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle_optin_optout() function hooked via 'admin_init' in versions up to, and including, 2.2.2. This makes it possible for unauthenticated attacker...

Published
Sep 05, 2023
Patched Release
2.2.3
Affected Versions
Versions up to 2.2.2
Next Step
Update to 2.2.3 or newer if supported.
Open CVE-2023-41848 Report Open CVE Reference