Threat Entry Updated 2026-01-08

CVE-2025-11370 - Post Slider Carousel Plugin

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'store' function of the RulesAjaxController class in all versions up to, and including, 4.0.7. This makes it possible for unauthenticated attackers to update pop-up display settings.

PLUGIN Post Slider Carousel

CVE-2025-11370

MEDIUM CVSS 5.3 2026-01-06

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2025-11-06

CVE-2025-11373 - Post Slider Carousel Plugin

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability checks in the "depicter-media-upload" AJAX route in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload limited files on the affected site's server.

PLUGIN Post Slider Carousel

CVE-2025-11373

MEDIUM CVSS 4.3 2025-11-05

Risk Score

Open Full Technical Breakdown