Quantumcloud Slider Hero
By the Year
In 2024 there have been 0 vulnerabilities in Quantumcloud Slider Hero . Last year Slider Hero had 2 security vulnerabilities published. Right now, Slider Hero is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 2 | 4.30 |
| 2022 | 1 | 4.80 |
| 2021 | 1 | 8.80 |
| 2020 | 0 | 0.00 |
| 2019 | 0 | 0.00 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Slider Hero vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Quantumcloud Slider Hero Security Vulnerabilities
The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0
CVE-2021-4424
4.3 - Medium
- July 12, 2023
The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qc_slider_hero_duplicate() function. This makes it possible for unauthenticated attackers to duplicate slides via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Session Riding
** REJECT ** CVE split into individual CVE IDs for each software record.
CVE-2021-4342
- June 07, 2023
** REJECT ** CVE split into individual CVE IDs for each software record.
The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could
CVE-2022-3074
4.8 - Medium
- September 26, 2022
The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks.
XSS
The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement
CVE-2021-24506
8.8 - High
- August 23, 2021
The Slider Hero with Animation, Video Background & Intro Maker WordPress plugin before 8.2.7 does not sanitise or escape the id attribute of its hero-button shortcode before using it in a SQL statement, allowing users with a role as low as Contributor to perform SQL injection.
SQL Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Quantumcloud Slider Hero or by Quantumcloud? Click the Watch button to subscribe.
