Filtered by vendor Averta
Subscriptions
Total
56 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11373 | 2 Averta, Wordpress | 2 Slider And Popup Builder By Depicter, Wordpress | 2025-11-06 | 4.3 Medium |
| The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability checks in the "depicter-media-upload" AJAX route in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload limited files on the affected site's server. | ||||
| CVE-2025-5291 | 1 Averta | 1 Master Slider | 2025-07-02 | 6.4 Medium |
| The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's masterslider_pb and ms_slide shortcodes in all versions up to, and including, 3.10.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-31099 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 6.4 Medium |
| Missing Authorization vulnerability in Averta Shortcodes and extra features for Phlox theme auxin-elements.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.7. | ||||
| CVE-2023-37888 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-05-29 | 7.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in By Averta Shortcodes and extra features for Phlox theme allows PHP Local File Inclusion.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.14.0. | ||||
| CVE-2023-50900 | 1 Averta | 1 Master Slider | 2025-05-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.10. | ||||
| CVE-2024-32600 | 1 Averta | 1 Master Slider | 2025-05-27 | 8.3 High |
| Deserialization of Untrusted Data vulnerability in Averta Master Slider.This issue affects Master Slider: from n/a through 3.9.5. | ||||
| CVE-2024-32580 | 1 Averta | 1 Master Slider | 2025-05-27 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Master Slider allows Stored XSS.This issue affects Master Slider: from n/a through 3.9.8. | ||||
| CVE-2024-37222 | 1 Averta | 1 Master Slider | 2025-05-27 | 7.1 High |
| Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through 3.10.0. | ||||
| CVE-2024-6490 | 1 Averta | 1 Master Slider | 2025-05-27 | 6.5 Medium |
| During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10. | ||||
| CVE-2024-12173 | 1 Averta | 1 Master Slider | 2025-05-15 | 3.5 Low |
| The Master Slider WordPress plugin before 3.10.5 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-3359 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2025-04-22 | 8.8 High |
| The Shortcodes and extra features for Phlox theme WordPress plugin before 2.10.7 unserializes the content of an imported file, which could lead to PHP object injection when a user imports (intentionally or not) a malicious file and a suitable gadget chain is present on the blog. | ||||
| CVE-2023-50368 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2024-11-21 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Averta Shortcodes and extra features for Phlox theme allows Stored XSS.This issue affects Shortcodes and extra features for Phlox theme: from n/a through 2.15.2. | ||||
| CVE-2023-47508 | 1 Averta | 1 Master Slider | 2024-11-21 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Averta Master Slider Pro plugin <= 3.6.5 versions. | ||||
| CVE-2023-47507 | 1 Averta | 1 Master Slider Pro | 2024-11-21 | 7.1 High |
| Deserialization of Untrusted Data vulnerability in Master Slider Master Slider Pro.This issue affects Master Slider Pro: from n/a through 3.6.5. | ||||
| CVE-2022-1910 | 1 Averta | 1 Shortcodes And Extra Features For Phlox Theme | 2024-11-21 | 6.1 Medium |
| The Shortcodes and extra features for Phlox WordPress plugin before 2.9.8 does not sanitise and escape a parameter before outputting it back in the response, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2018-20368 | 1 Averta | 1 Master Slider | 2024-11-21 | N/A |
| The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback. | ||||