144 matches found
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Tribulant Slideshow Gallery LITE plugin = 1.7.6 versions...
CVE-2023-28497 WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Tribulant Slideshow Gallery LITE plugin = 1.7.6 versions...
CVE-2023-28497
CVE-2023-28497 affects the WordPress plugin Tribulant Slideshow Gallery LITE (versions
WordPress Plugin Slideshow Gallery LITE Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2023-5434
The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
Sql injection
The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress Plugin Superb slideshow gallery SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...
WordPress Plugin Up down image slideshow gallery SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Superb slideshow gallery Plugin <= 13.1 is vulnerable to SQL Injection
Software Superb slideshow gallery Type Plugin Vulnerable versions = 13.1 Fixed in 13.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5434 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 2f0f3b992f7b Credits István Márton Required privilege Contributo...
WordPress Up down image slideshow gallery Plugin <= 12.0 is vulnerable to SQL Injection
Software Up down image slideshow gallery Type Plugin Vulnerable versions = 12.0 Fixed in 12.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5435 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 963fa79c0569 Credits István Márton Required privilege...
WordPress WordPress Slideshow Gallery Plugin – Easy Slideshow Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)
Software WordPress Slideshow Gallery Plugin – Easy Slideshow Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID aecb415d5ce5 Credit...
WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software Slideshow Gallery Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-28497 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e4370ac72e5b Credits Rio Darmawan...
WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to SQL Injection
Software Slideshow Gallery Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28491 Patch priority Low CVSS severity Low 6.7 Developer Claim ownership PSID 9644393e25c7 Credits minhtuanact Required privilege Administrator...
CVE-2021-24882
The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...
Cross site scripting
The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...
CVE-2021-24882
The CVE-2021-24882 entry describes a stored Cross-Site Scripting (XSS) vulnerability in the WordPress Slideshow Gallery plugin prior to 1.7.4. The root cause is the plugin’s failure to sanitize and escape the Slide Title, Slide Description, and Gallery Title fields, enabling attacker-controlled i...
WordPress 插件跨站脚本漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. WordPress Slideshow Gallery suffers from a...
Slideshow Gallery < 1.7.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed PoC Create/edit a Slide /wp-admin/admin.php?page=slideshow-slides and put...
WordPress Slideshow Gallery plugin <= 1.7.3 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by Tyler Miller in WordPress Slideshow Gallery plugin versions = 1.7.3. Solution Update the WordPress Slideshow Gallery plugin to the latest available version at least 1.7.4...
Slideshow Gallery < 1.7.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Create/edit a Slide /wp-admin/admin.php?page=slideshow-slides and put the...