This page lists publicly disclosed CVE vulnerabilities affecting nextendweb smart_slider_3 (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-45845 | Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9. | [email protected] | 4.3 | 0.54% | 2024-01-19 | 2026-04-28 |
| CVE-2023-0660 | The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | [email protected] | 5.4 | 0.48% | 2023-03-27 | 2025-02-19 |
| CVE-2022-45843 | Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin <= 3.5.1.9 versions. | [email protected] | 5.4 | 0.38% | 2023-03-23 | 2024-11-21 |
| CVE-2022-3357 | The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user import (intentionally or not) a malicious file, and a suitable gadget chain is present on the site. | [email protected] | 8.8 | 1.90% | 2022-10-31 | 2025-05-06 |