Browse all 3 CVE security advisories affecting devowl. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Devowl is a WordPress plugin primarily used for creating and managing owl carousel sliders. Historically, the plugin has been vulnerable to multiple remote code execution (RCE) and cross-site scripting (XSS) flaws, often stemming from insufficient input validation and improper file handling. These vulnerabilities have allowed attackers to execute arbitrary code, manipulate website content, and potentially compromise entire WordPress installations. The plugin's three recorded CVEs highlight persistent security issues, with RCE being the most critical class of vulnerability. No major public security incidents have been documented, but the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-12136 | Real Cookie Banner: GDPR & ePrivacy Cookie Consent <= 5.2.4 - Authenticated (Admin+) Server-Side Request Forgery via scan-without-login Endpoint | Real Cookie Banner: GDPR & ePrivacy Cookie Consent | CWE-918 | 6.8 | Medium | 2025-10-24 |
| CVE-2024-2328 | Real Media Library <= 4.22.11 - Authenticated (Author+) Stored Cross-Site Scripting | Real Media Library: Media Library Folder & File Manager | CWE-79 | 6.4 | Medium | 2024-05-02 |
| CVE-2024-2027 | Real Media Library: Media Library Folder & File Manager <= 4.22.7 - Authenticated (Contributor+) Stored Cross-Site Scripting | Real Media Library: Media Library Folder & File Manager | CWE-20 | 6.4 | Medium | 2024-04-09 |

This page lists every published CVE security advisory associated with devowl. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.