CVE-2026-8900

The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

WordPress plugin Simple SEO Slideshow 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-8900

The CVE-2026-8900 entry concerns the WordPress plugin Simple SEO Slideshow (versions up to and including 1.2.8). The vulnerability is a Stored Cross-Site Scripting (XSS) via shortcode attributes , caused by insufficient input sanitization and output escaping. An authenticated attacker with contri...

WordPress Simple SEO Slideshow plugin <= 1.2.8 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin Simple SEO Slideshow versions = 1.2.8...