Log out
Get PRO

Latest

Input validation vulnerability in Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce 2.6.3

  • Severity: high-risk
  • Status: Fixed
  • Publication: April 9, 2024

The plugin has a security issue that can be exploited in versions 2.6.3 and below. This can happen when untrusted information is processed in the import function through the ‘shortcode’ parameter. This can give attackers with administrator-level access the ability to inject a PHP Object. If there are other plugins or themes installed on the system, the attacker could potentially remove important files, access confidential information, or run their own code.

Detected in:

Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce fixed vulnerable versions: >= * <= 2.6.3
Carousel, Slider, Gallery by WP Carousel – Image Carousel with Lightbox & Photo Gallery, Video Slider, Post Carousel & Post Grid, Product Carousel & Product Grid fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.