GCVE - cpe:2.3:a:nextendweb:smart_slider_3:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:nextendweb:smart_slider_3:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Nextendweb (`da1c10d6-feae-5ddb-8d3b-18a68fcd20ef`)
Product	Smart Slider 3 (`0b04fd46-738b-5c29-9f26-2d0016926fc9`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-0660`	vulnerable	2026-06-08 05:52:32.222209	Smart Slider 3 < 3.5.1.14 - Contributor+ Stored XSS The Smart Slider 3 WordPress plugin before 3.5.1.14 does not properly validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks Published: 2023-03-27T15:37:19.768Z Updated: 2025-02-19T19:01:04.954Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/3fe712bc-ce7f-4b30-9fc7-1ff15aa5b6ce	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-45845`	vulnerable	2026-06-08 05:50:37.320144	WordPress Smart Slider 3 Plugin <= 3.5.1.9 is vulnerable to PHP Object Injection MEDIUM (4.3) Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3.This issue affects Smart Slider 3: from n/a through 3.5.1.9. Published: 2024-01-19T14:42:11.441Z Updated: 2026-04-28T16:07:54.088Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/smart-slider-3/wordpress-smart-slider-3-plugin-3-5-1-9-auth-php-object-injection-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-45843`	vulnerable	2026-06-08 05:50:37.319659	WordPress Smart Slider 3 Plugin <= 3.5.1.9 is vulnerable to Cross Site Scripting (XSS) MEDIUM (5.4) Auth. (contributor+) Stored Cross-Site Scripting vulnerability in Nextend Smart Slider 3 plugin <= 3.5.1.9 versions. Published: 2023-03-23T11:28:31.187Z Updated: 2026-04-28T16:07:54.065Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/smart-slider-3/wordpress-smart-slider-3-3-5-1-9-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-3357`	vulnerable	2026-06-08 05:48:20.728257	Smart Slider 3 < 3.5.1.11 - PHP Object Injection The Smart Slider 3 WordPress plugin before 3.5.1.11 unserialises the content of an imported file, which could lead to PHP object injection issues when a user import (intentionally or not) a malicious file, and a suitable gadget chain is present on the site. Published: 2022-10-31T00:00:00.000Z Updated: 2025-05-06T20:42:09.071Z Open on db.gcve.eu Reference links https://wpscan.com/vulnerability/2e28a4e7-e7d3-485c-949c-e300e5b66cbd	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.