CVE-2026-22347 MEDIUM

CVE-2026-22347: WordPress Carousel Horizontal Posts Content Slider plugin <= 3.3.2 - Cross Site Scripting (XSS) vulnerability

Vendor Subhansanjaya
Product Carousel Horizontal Posts Content Slider
Weakness CWE-79 · XSS
Published January 22, 2026
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in subhansanjaya Carousel Horizontal Posts Content Slider carousel-horizontal-posts-content-slider allows DOM-Based XSS.This issue affects Carousel Horizontal Posts Content Slider: from n/a through <= 3.3.2.

Key dates

02Disclosure timeline

January 22, 2026 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-48324 WordPress tli.tl auto Twitter poster plugin <= 3.4 - Cross Site Scripting (XSS) vulnerability CVE-2024-7588 Gutenberg Blocks, Page Builder – ComboBlocks <= 2.2.87 - Authenticated (Contributor+) Stored Cross-Site Scripting via Accordion Block CVE-2023-5295 Comments by Startbit <= 1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2025-40642 Reflected Cross-Site Scripting (XSS) in WebWork CVE-2025-53528 Cadwyn is vulnerable to an XSS attack through its docs page