GCVE - cpe:2.3:a:averta:depicter_slider:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:averta:depicter_slider:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Averta (`054c540e-9470-56d7-bb73-99461b2dbaae`)
Product	Depicter Slider (`39d56350-260d-5ba3-993d-5a192333e07b`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-47381`	vulnerable	2026-06-03 14:57:01.161171	WordPress Slider & Popup Builder by Depicter plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability MEDIUM (5.9) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in averta Depicter Slider depicter allows Stored XSS.This issue affects Depicter Slider: from n/a through <= 3.2.2. Published: 2024-10-05T14:58:37.812Z Updated: 2026-04-28T16:10:19.942Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/depicter/vulnerability/wordpress-slider-popup-builder-by-depicter-add-image-slider-carousel-slider-exit-intent-popup-popup-modal-coupon-popup-post-slider-carousel-plugin-3-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-47359`	vulnerable	2026-06-03 14:57:01.111318	WordPress Depicter plugin <= 3.2.2 - Broken Access Control vulnerability MEDIUM (5.3) Cross-Site Request Forgery (CSRF) vulnerability in averta Depicter Slider depicter.This issue affects Depicter Slider: from n/a through <= 3.2.2. Published: 2024-11-01T14:17:03.500Z Updated: 2026-04-28T16:10:19.604Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/depicter/vulnerability/wordpress-depicter-plugin-3-2-2-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-43161`	vulnerable	2026-06-03 14:56:44.617470	WordPress Slider & Popup Builder by Depicter plugin <= 3.1.2 - Cross Site Scripting (XSS) vulnerability MEDIUM (5.9) Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.1.2. Published: 2024-08-12T22:01:46.097Z Updated: 2026-04-28T16:10:09.274Z Open on db.gcve.eu Reference links https://patchstack.com/database/vulnerability/depicter/wordpress-slider-popup-builder-by-depicter-plugin-3-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-1357`	vulnerable	2026-06-03 14:54:26.768355	Shortcodes and extra features for Phlox theme <= 2.15.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aux_timeline' Shortcode MEDIUM (6.4) The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_timeline shortcode in all versions up to, and including, 2.15.7 due to insufficient input sanitization and output escaping on user supplied attributes such as thumb_mode and date_type. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2024-04-16T09:33:00.476Z Updated: 2026-04-08T17:35:04.789Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/fe175315-99ef-438a-b5b0-a5f190403116?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3074455%40auxin-elements&new=3074455%40auxin-elements&sfp_email=&sfph_mail=#file8	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-6493`	vulnerable	2026-06-03 14:53:51.980585	Depicter Slider – Responsive Image Slider, Video Slider & Post Slider <= 2.0.6 - Cross-Site Request Forgery via save MEDIUM (4.3) The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. CVE-2023-51491 appears to be a duplicate of this issue. Published: 2024-01-05T02:02:20.669Z Updated: 2026-04-08T17:21:58.783Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c907ea-3ab4-4674-8945-ade4f6ff2679?source=cve https://plugins.trac.wordpress.org/changeset/3013596/depicter/trunk/app/src/WordPress/Settings/Settings.php	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-47176`	vulnerable	2026-06-03 14:48:27.023937	WordPress Depicter Slider plugin <= 1.9.0 - Broken Access Control vulnerability MEDIUM (4.3) Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through 1.9.0. Published: 2024-12-13T14:22:10.569Z Updated: 2026-04-28T16:07:57.135Z Open on db.gcve.eu Reference links https://patchstack.com/database/wordpress/plugin/depicter/vulnerability/wordpress-depicter-slider-plugin-1-7-3-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.