CVE-2024-4002

The Carousel, Slider, Gallery by WP Carousel WordPress plugin before 2.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:techearty:carousel\,_slider\,_gallery_by_wp_carousel:*:*:*:*:*:wordpress:*:*

History

05 Jun 2025, 14:24

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-15 20:15

Updated : 2025-06-05 14:24


NVD link : CVE-2024-4002

Mitre link : CVE-2024-4002

CVE.ORG link : CVE-2024-4002


JSON object : View

Products Affected

techearty

  • carousel\,_slider\,_gallery_by_wp_carousel
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')