Plugin Vulnerability Hub
Plugin 11 known issues Latest disclosed Jun 13, 2025

Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Vulnerabilities

Review known vulnerability records for the WordPress plugin Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider (`ml-slider`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-5337, CVE-2025-1062 and CVE-2025-1203, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 11
High or Critical: 1
Patch Coverage: 100%
Last Updated: Jun 14, 2025

Priority CVE Quick Links

Fast paths into Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs: 9

CVE-2025-26763 High 3.95.0
CVE-2025-26763 Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Vulnerability

Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.94.0 - Authenticated (Editor+) PHP Object Injection

CVE-2025-5337 Medium 3.99.0
CVE-2025-5337 Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Stored Cross-Site Scripting

Slider, Gallery, and Carousel by MetaSlider <= 3.98.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via aria-label Parameter

CVE-2024-3285 Medium 3.70.1
CVE-2024-3285 Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Stored Cross-Site Scripting

Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows <= 3.70.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode

CVE-2023-1473 Medium 3.29.1
CVE-2023-1473 Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Cross-Site Scripting

Slider, Gallery, and Carousel by MetaSlider <= 3.29.0 - Reflected Cross-Site Scripting

CVE-2014-4846 Medium 2.6
CVE-2014-4846 Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Cross-Site Scripting

Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 2.5 - Cross-Site Scripting

CVE-2022-2823 Medium 3.27.9
CVE-2022-2823 Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Stored Cross-Site Scripting

Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 3.27.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

CVE-2025-1062 Medium 3.95.0
CVE-2025-1062 Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Stored Cross-Site Scripting

Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.94.0 - Authenticated (Admin+) Stored Cross-Site Scripting

CVE-2025-1203 Medium 3.95.0
CVE-2025-1203 Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider Stored Cross-Site Scripting

Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.94.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 11 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 0 critical and 1 high severity finding.
Recent CVEs: CVE-2025-5337, CVE-2025-1062 and CVE-2025-1203
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Known Vulnerabilities

Reports for Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-5337
CVE-2025-5337: Slider, Gallery, and Carousel by MetaSlider <= 3.98.0 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via aria-label Parameter

The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘aria-label’ parameter in all versions up to, and including, 3.98.0 due to insufficient input sanitization and output escaping. This makes it possible for aut...

Published: Jun 13, 2025
Patched Release: 3.99.0
Affected Versions: Versions up to 3.98.0
Next Step: Update to 3.99.0 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-1062
CVE-2025-1062: Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.94.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it...

Published: Mar 02, 2025
Patched Release: 3.95.0
Affected Versions: Versions up to 3.94.0
Next Step: Update to 3.95.0 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-1203
CVE-2025-1203: Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.94.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.94.0 due to insufficient input sanitization and output escaping. This makes it...

Published: Mar 02, 2025
Patched Release: 3.95.0
Affected Versions: Versions up to 3.94.0
Next Step: Update to 3.95.0 or newer if supported.

Plugin High Patched: Yes CVE-2025-26763
CVE-2025-26763: Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.94.0 - Authenticated (Editor+) PHP Object Injection

The Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.94.0 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Ed...

Published: Feb 14, 2025
Patched Release: 3.95.0
Affected Versions: Versions up to 3.94.0
Next Step: Update to 3.95.0 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-24533
CVE-2025-24533: Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider <= 3.92.0 - Cross-Site Request Forgery

The Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.92.0. This is due to missing or incorrect nonce validation on an unknown function. This makes it p...

Published: Nov 09, 2024
Patched Release: 3.92.1
Affected Versions: Versions up to 3.92.0
Next Step: Update to 3.92.1 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-3285
CVE-2024-3285: Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows <= 3.70.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via metaslider Shortcode

The Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Slideshows plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'metaslider' shortcode in all versions up to, and including, 3.70.0 due to insufficient input sanitization and outp...

Published: Apr 10, 2024
Patched Release: 3.70.1
Affected Versions: Versions up to 3.70.0
Next Step: Update to 3.70.1 or newer if supported.

Plugin Medium Patched: Yes CVE-2023-1473
CVE-2023-1473: Slider, Gallery, and Carousel by MetaSlider <= 3.29.0 - Reflected Cross-Site Scripting

The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page’ parameter in versions up to, and including, 3.29.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenti...

Published: Mar 20, 2023
Patched Release: 3.29.1
Affected Versions: Versions up to 3.29.0
Next Step: Update to 3.29.1 or newer if supported.

Plugin Medium Patched: Yes CVE-2022-2823
CVE-2022-2823: Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 3.27.8 - Authenticated (Administrator+) Stored Cross-Site Scripting

The "Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin" plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.27.8 due to insufficient input sanitization and output escaping of some of its parameters. This ma...

Published: Sep 14, 2022
Patched Release: 3.27.9
Affected Versions: 3.27.8 through 3.27.8
Next Step: Update to 3.27.9 or newer if supported.

Plugin Medium Patched: Yes
Slider, Gallery, and Carousel by MetaSlider <= 3.17.1 - Authenticated Stored Cross-Site Scripting

The Slider, Gallery, and Carousel by MetaSlider plugin for WordPress is vulnerable to Stored Cross Site Scripting in versions up to, and including, 3.17.1. The patch adds extra filtering of captions using HTML Purifier where there appeared to be a stored cross-site scripting vuln...

Published: Aug 28, 2020
Patched Release: 3.17.2
Affected Versions: Versions before 3.17.2
Next Step: Update to 3.17.2 or newer if supported.

Plugin Medium Patched: Yes CVE-2014-4846
CVE-2014-4846: Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 2.5 - Cross-Site Scripting

Cross-site scripting (XSS) vulnerability in the Meta Slider (ml-slider) plugin 2.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to wp-admin/admin.php.

Published: Aug 01, 2014
Patched Release: 2.6
Affected Versions: Versions up to 2.5
Next Step: Update to 2.6 or newer if supported.

Plugin Medium Patched: Yes
Slider, Gallery, and Carousel by MetaSlider – Responsive WordPress Plugin <= 2.1.6 - Full Path Disclosure

The Meta Slider plugin for WordPress is vulnerable to full path disclosure in versions up to, and including, 2.1.6. This makes it possible for unauthenticated attackers to discover the path of folders and files hosted on a vulnerable system.

Published: Aug 01, 2014
Patched Release: 2.2
Affected Versions: Versions up to 2.1.6
Next Step: Update to 2.2 or newer if supported.