16 matches found
Skitter Slideshow <= 2.5.2 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Skitter Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. id: CVE-2025-28906 info: name: Skitter Slideshow <= 2.5.2 - Authenticated Administrator+ Stored Cross-Site...
EUVD-2025-7861
Malicious code in bioql PyPI...
EUVD-2022-25032
Malicious code in bioql PyPI...
CVE-2025-28906
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Thiago S.F. Skitter Slideshow wp-skitter-slideshow allows Stored XSS. This issue affects Skitter Slideshow: from n/a through <= 2.5.2...
WordPress Skitter Slideshow plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan in WordPress Plugin Skitter Slideshow versions <= 2.5.2...
CVE-2025-28906
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Thiago S.F. Skitter Slideshow wp-skitter-slideshow allows Stored XSS. This issue affects Skitter Slideshow: from n/a through <= 2.5.2...
CVE-2025-28906 WordPress Skitter Slideshow plugin <= 2.5.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Thiago S.F. Skitter Slideshow wp-skitter-slideshow allows Stored XSS. This issue affects Skitter Slideshow: from n/a through <= 2.5.2...
CVE-2025-28906
CVE-2025-28906 concerns the WordPress plugin Skitter Slideshow (versions up to and including 2.5.2). The issue is a Stored XSS caused by insufficient input sanitization and output escaping. Exploitation requires authenticated administrator+ access, enabling injection of stored scripts that could ...
WordPress plugin Skitter Slideshow cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
CVE-2022-1751
The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and ca...
WordPress Skitter Slideshow plugin <= 2.5.2 - Unauthenticated Server-Side Request Forgery vulnerability
Unauthenticated Server-Side Request Forgery vulnerability discovered by Bartu Utku SARP in WordPress Plugin Skitter Slideshow versions <= 2.5.2...
WordPress Skitter Slideshow Plugin <= 2.5.2 is vulnerable to Server Side Request Forgery (SSRF)
Software: Skitter Slideshow; Type: Plugin; Vulnerable versions: <= 2.5.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2022-1751; Patch priority: Medium; CVSS severity: Medium 7.2; Developer: Claim ownership; PSID: 248ddea6bcba; Credits: Bartu Utku SARP; Required...
CVE-2022-1751
The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and ca...
CVE-2022-1751
The CVE-2022-1751 entry concerns the WordPress Skitter Slideshow plugin (versions up to and including 2.5.2). A Server-Side Request Forgery (SSRF) flaw exists via the /image.php endpoint, allowing unauthenticated attackers to issue web requests from the web application to arbitrary internal resou...
CVE-2022-1751 Skitter Slideshow <= 2.5.2 - Unauthenticated Server-Side Request Forgery
The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and ca...
WordPress plugin Skitter Slideshow security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...