A plugin called “B Carousel Block” for WordPress has a security issue in versions up to 1.1.5. This is because the plugin does not check the URLs provided by users before using them. This allows attackers with at least subscriber-level access to the website to make requests to any website they want. This can be used to access and change information from internal services.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
