| CVE-2025-9372 | Ultimate Multi Design Video Carousel <= 1.4 - Authenticated (Editor+) Stored Cross-Site Scripting | gbsdeveloper | Ultimate Multi Design Video Carousel | Medium | 5.5 | 2025-10-03 11:17:18 | Deep Dive |
| CVE-2025-58652 | WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability | Themepoints | Carousel Ultimate | Medium | 6.5 | 2025-09-22 18:23:09 | Deep Dive |
| CVE-2025-58820 | WordPress Carousel Ultimate Plugin <= 1.8 - Cross Site Scripting (XSS) Vulnerability | Themepoints | Carousel Ultimate | Medium | 5.9 | 2025-09-05 13:45:19 | Deep Dive |
| CVE-2025-24782 | WordPress Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin <= 1.6.10 - Local File Inclusion vulnerability | wpWax | Post Grid, Slider & Carousel Ultimate | Medium | 6.5 | 2025-01-27 14:22:20 | Deep Dive |
| CVE-2025-24681 | WordPress Product Carousel Slider & Grid Ultimate for WooCommerce Plugin <= 1.10.0 - Cross Site Scripting (XSS) vulnerability | wpWax | Product Carousel Slider & Grid Ultimate for WooCommerce | Medium | 5.9 | 2025-01-24 17:24:54 | Deep Dive |
| CVE-2024-13408 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion | wpwax | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | High | 7.5 | 2025-01-24 11:07:33 | Deep Dive |
| CVE-2024-13409 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.10 - Authenticated (Contributor+) Local File Inclusion via post_type_ajax_handler() | wpwax | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | High | 7.5 | 2025-01-24 11:07:31 | Deep Dive |
| CVE-2025-23933 | WordPress WpF Ultimate Carousel plugin <= 1.0.11 - Stored Cross Site Scripting (XSS) vulnerability | wpfreeware | WpF Ultimate Carousel | Medium | 6.5 | 2025-01-16 20:07:59 | Deep Dive |
| CVE-2024-10536 | FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor <= 6.0.0 - Missing Authorization to Authenticated (Subscriber+) Shortcode Export | wpqode | FancyPost – Post Blocks, Grids & Sliders for Block Editor and Elementor | Medium | 4.3 | 2025-01-07 05:24:09 | Deep Dive |
| CVE-2024-12040 | Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion via 'theme' | wpwax | Product Carousel Slider & Grid Ultimate for WooCommerce | High | 8.8 | 2024-12-12 05:24:20 | Deep Dive |
| CVE-2022-4974 | Freemius SDK <= 2.4.2 - Missing Authorization Checks | dashlabsltd | YASR – Yet Another Star Rating Plugin for WordPress | Medium | 6.3 | 2024-10-16 06:43:30 | Deep Dive |
| CVE-2024-44048 | WordPress Product Carousel Slider & Grid Ultimate for WooCommerce plugin <= 1.9.10 - Authenticated Local File Inclusion vulnerability | wpWax | Product Carousel Slider & Grid Ultimate for WooCommerce | Medium | 6.5 | 2024-09-23 00:03:59 | Deep Dive |
| CVE-2024-8046 | Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.4.1 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload | wpwax | Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid | Medium | 6.4 | 2024-08-27 07:34:33 | Deep Dive |
| CVE-2024-38686 | WordPress FancyPost plugin <= 5.3.1 - Cross Site Scripting (XSS) vulnerability | Pluginic | FancyPost – Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor | Medium | 6.5 | 2024-07-20 07:40:06 | Deep Dive |
| CVE-2024-5662 | Ultimate Post Kit Addons For Elementor – (Post Grid, Post Carousel, Post Slider, Category List, Post Tabs, Timeline, Post Ticker, Tag Cloud) <= 3.11.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Social Count (Static) Widget | bdthemes | Ultimate Post Kit Addons for Elementor | Medium | 6.4 | 2024-06-28 08:33:29 | Deep Dive |
| CVE-2024-29925 | WordPress Post Grid, Slider & Carousel Ultimate plugin <= 1.6.6 - Cross Site Scripting (XSS) vulnerability | wpWax | Post Grid, Slider & Carousel Ultimate | Medium | 6.5 | 2024-03-27 07:26:10 | Deep Dive |
| CVE-2024-1950 | Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.7 - Authenticated(Contributor+) PHP Object Injection | wpwax | Product Carousel Slider & Grid Ultimate for WooCommerce | High | 7.5 | 2024-03-13 15:27:23 | Deep Dive |
| CVE-2024-1951 | Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.3.8 - Authenticated(Contributor+) PHP Object Injection | wpwax | Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid | High | 7.5 | 2024-03-13 15:27:10 | Deep Dive |
| CVE-2024-2006 | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget <= 1.6.7 - Authenticated (Contributor+) PHP Object Injection in outpost_shortcode_metabox_markup | wpwax | Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget | High | 8.8 | 2024-03-13 15:27:04 | Deep Dive |
| CVE-2023-0280 | Ultimate Carousel For Elementor <= 2.1.7 - Contributor+ Stored XSS | Unknown | Ultimate Carousel For Elementor | Medium | - | 2023-05-08 13:58:18 | Deep Dive |