CVE-2026-22347
WordPress Carousel Horizontal Posts Content Slider plugin <= 3.3.2 - Cross Site Scripting (XSS) vulnerabilityImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in subhansanjaya Carousel Horizontal Posts Content Slider carousel-horizontal-posts-content-slider allows DOM-Based XSS.This issue affects Carousel Horizontal Posts Content Slider: from n/a through <= 3.3.2.
We have discovered 615 live websites that are affected by CVE-2026-22347.
Affected Software
| Product |  Carousel Horizontal Posts Content Slider |
| Category | Wordpress Plugins |
| Vulnerable Domains | 615 live websites (100% of Carousel Horizontal Posts Content Slider install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 2 versions ( 100% of all versions) |
Details
- Published - Jan 22, 2026
- Updated - Jan 27, 2026
Credits
- Muhammad Yudha - DJ | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2026-22347 United States | 131 websites |
 Germany | 49 websites |
 Japan | 49 websites |
 Russia | 35 websites |
 Italy | 30 websites |
 France | 29 websites |
 Netherlands | 25 websites |
 Philippines | 23 websites |
 Spain | 21 websites |
 India | 20 websites |
Website Distribution by TLD
Number of websites using CVE-2026-22347| .com | 219 websites |
| .org | 43 websites |
| .ru | 33 websites |
| .it | 28 websites |
| .de | 26 websites |
| .nl | 21 websites |
| .com.br | 15 websites |
| .net | 14 websites |
| .fr | 12 websites |
| .jp | 11 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2026-22347
Top websites that are affected by CVE-2026-22347. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ************.ru | Russia | **,*** | |
| **************.eu |  Czech Republic | ***,*** | |
| *****************.com | Germany | ***,*** | |
| **********.com | Japan | ***,*** | |
| ***************.com | United States | ***,*** | |
| *************.de | Germany | ***,*** | |
| **************.org | United States | ***,*** | |
| ********************.org | United States | ***,*** | |
| **********.com | United States | ***,*** | |
| ******.****.ua |  Ukraine | ***,*** |
FAQ
A total of 615 websites have been identified as vulnerable to CVE-2026-22347, based on global website indexing conducted by WebTechSurvey.
The Carousel Horizontal Posts Content Slider is affected by the CVE-2026-22347 vulnerability.
Carousel Horizontal Posts Content Slider versions up to and including 3.3.2 are vulnerable to CVE-2026-22347.