Browse all 3 CVE security advisories affecting Nextend. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Nextend develops WordPress and Joomla extensions for building websites and online stores. Historically, the software has been vulnerable to multiple cross-site scripting (XSS) and remote code execution (RCE) flaws, often stemming from insufficient input validation and improper sanitization. Privilege escalation vulnerabilities have also been identified in several components. The three publicly disclosed CVEs highlight persistent security concerns, particularly around user permissions and data handling. While no major security incidents have been widely reported, the pattern of vulnerabilities suggests ongoing challenges in secure coding practices, requiring users to maintain current versions and implement additional security measures to mitigate potential risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2022-45845 | WordPress Smart Slider 3 Plugin <= 3.5.1.9 is vulnerable to PHP Object Injection — Smart Slider 3CWE-502 | 4.3 | Medium | 2024-01-19 |
| CVE-2022-45843 | WordPress Smart Slider 3 Plugin <= 3.5.1.9 is vulnerable to Cross Site Scripting (XSS) — Smart Slider 3CWE-79 | 5.4 | Medium | 2023-03-23 |
| CVE-2021-24382 | Smart Slider 3 < 3.5.0.9 - Authenticated Stored Cross-Site Scripting (XSS) — Smart Slider 3CWE-79 | 4.8 | - | 2021-06-14 |
This page lists every published CVE security advisory associated with Nextend. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.