144 matches found
CVE-2024-47376 WordPress Slideshow Gallery LITE plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Tribulant Slideshow Gallery allows Stored XSS.This issue affects Slideshow Gallery: from n/a through 1.8.3...
WordPress plugin Slideshow Gallery 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2024-32594 · Tribulant · Tribulant Slideshow Gallery
Name of the Vulnerable Software and Affected Versions: Tribulant Slideshow Gallery versions 1.8.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS, where an attacker can...
WordPress Slideshow Gallery LITE plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin Slideshow Gallery versions = 1.8.3...
WordPress Slideshow Gallery Plugin <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)
Software Slideshow Gallery Type Plugin Vulnerable versions = 1.8.3 Fixed in 1.8.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47376 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID da732a2224b9 Credits Hakiduck Required privilege...
CVE-2024-5543 Slideshow Gallery LITE <= 1.8.1 - Authenticated (Contributor+) SQL Injection
The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possib...
Wordpress Slideshow Gallery LITE plugin <= 1.8.1 - Authenticated (Contributor+) SQL Injection vulnerability
Authenticated Contributor+ SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin Left right image slideshow gallery versions = 1.8.1...
WordPress Left right image slideshow gallery Plugin <= 1.8.1 is vulnerable to SQL Injection
Software Left right image slideshow gallery Type Plugin Vulnerable versions = 1.8.1 Fixed in 1.8.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2024-5543 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 26f19037ceb8 Credits Krzysztof Zając Required...
CVE-2024-31354
Cross-Site Request Forgery CSRF vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8...
CVE-2024-31354 WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8...
CVE-2024-31354 WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8...
CVE-2024-31354
CVE-2024-31354 documents a Cross-Site Request Forgery (CSRF) vulnerability in the Tribulant Slideshow Gallery WordPress plugin, affecting Slideshow Gallery LITE versions up to and including 1.7.8. Public details indicate a CSRF condition but do not specify an attacker vector beyond CSRF. The NVD ...
WordPress Plugin Slideshow Gallery LITE 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2024-23998 · Tribulant · Tribulant Slideshow Gallery
Name of the Vulnerable Software and Affected Versions: Tribulant Slideshow Gallery versions 1.7.8 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is...
Slideshow Gallery < 1.7.9 - Settings Reset via CSRF
Description The plugin does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
CVE-2024-31355
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8...
CVE-2024-31355 WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8...
CVE-2024-31355
CVE-2024-31355 is an authenticated SQL injection vulnerability in the Tribulant Slideshow Gallery plugin for WordPress, affecting Slideshow Gallery LITE up to version 1.7.8. An attacker with at least Contributor+ privileges can exploit the flaw to manipulate the SQL query, potentially impacting c...
CVE-2024-31355 WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Auth. SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8...
CVE-2024-31353
Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8...