Master Slider – Responsive Touch Slider

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Master Slider – Responsive Touch Slider

Information

Software Type Plugin
Software Slug master-slider (view on wordpress.org)
Software Status Removed
Software Author averta
Software Website wordpress.org
Software Downloads 2,831,671
Software Active Installs 90,000
Software Record Last Updated July 26, 2024

12 Vulnerabilities

Master Slider <= 3.9.10 - Reflected Cross-Site Scripting
6.1
CVE-2024-37222
Jun 20, 2024
Researcher: Rafie Muhammad
Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode
6.4
CVE-2024-4375
Jun 17, 2024
Researcher: Krzysztof Zając
Master Slider - Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2023-6382
May 31, 2024
Researcher: Rafshanzani Suhada
Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-4470
May 20, 2024
Researcher: wesley (wcraft)
Master Slider <= 3.9.5 - Unauthenticated PHP Object Injection
9.8
CVE-2024-32600
Apr 16, 2024
Researcher: Rafie Muhammad
Master Slider – Responsive Touch Slider <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-32580
Apr 16, 2024
Researcher: LVT-tholv2k
Master Slider - Responsive Touch Slider <= 3.9.10 - Cross-Site Request Forgery via process_bulk_action
5.4
CVE-2023-6326
Mar 1, 2024
Researcher: Rafshanzani Suhada
Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated(Editor+) Stored Cross-Site Scripting via slider callback
4.4
CVE-2024-0611
Mar 1, 2024
Researcher: Akbar Kustirama
Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-1449
Mar 1, 2024
Researcher: Bassem Essam
Master Slider <= 3.7.0 - Authenticated Stored Cross-Site Scripting
5.4
CVE-2018-20368
Nov 14, 2018
Researcher: Vulnerability Lab
Master Slider <= 2.7.1 - Cross-Site Scripting
6.1
CVE ID Unknown
Jul 16, 2016
Researcher: Yorick Koster,
Master Slider - Responsive Touch Slider <= 2.5.1 - Authenticated Blind SQL Injection
8.8
CVE ID Unknown
Aug 20, 2015
Researcher: Marcin Probola
Title Status CVE ID CVSS Researchers Date
Master Slider <= 3.9.10 - Reflected Cross-Site Scripting Unpatched CVE-2024-37222 6.1 Rafie Muhammad June 20, 2024
Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via ms_layer Shortcode Unpatched CVE-2024-4375 6.4 Krzysztof Zając June 17, 2024
Master Slider - Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2023-6382 6.4 Rafshanzani Suhada May 31, 2024
Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-4470 6.4 wesley (wcraft) May 20, 2024
Master Slider <= 3.9.5 - Unauthenticated PHP Object Injection Patched CVE-2024-32600 9.8 Rafie Muhammad April 16, 2024
Master Slider – Responsive Touch Slider <= 3.9.8 - Authenticated (Contributor+) Stored Cross-Site Scripting Patched CVE-2024-32580 6.4 LVT-tholv2k April 16, 2024
Master Slider - Responsive Touch Slider <= 3.9.10 - Cross-Site Request Forgery via process_bulk_action Unpatched CVE-2023-6326 5.4 Rafshanzani Suhada March 1, 2024
Master Slider – Responsive Touch Slider <= 3.9.9 - Authenticated(Editor+) Stored Cross-Site Scripting via slider callback Unpatched CVE-2024-0611 4.4 Akbar Kustirama March 1, 2024
Master Slider – Responsive Touch Slider <= 3.9.10 - Authenticated (Contributor+) Stored Cross-Site Scripting Unpatched CVE-2024-1449 6.4 Bassem Essam March 1, 2024
Master Slider <= 3.7.0 - Authenticated Stored Cross-Site Scripting Patched CVE-2018-20368 5.4 Vulnerability Lab November 14, 2018
Master Slider <= 2.7.1 - Cross-Site Scripting Patched 6.1 Yorick Koster, July 16, 2016
Master Slider - Responsive Touch Slider <= 2.5.1 - Authenticated Blind SQL Injection Patched 8.8 Marcin Probola August 20, 2015

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation