Lucene search
K

144 matches found

Prion
Prion
added 2023/11/12 10:15 p.m.16 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Tribulant Slideshow Gallery LITE plugin = 1.7.6 versions...

6.8CVSS7.5AI score0.00284EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/11/12 10:1 p.m.33 views

CVE-2023-28497 WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Tribulant Slideshow Gallery LITE plugin = 1.7.6 versions...

5.4CVSS9AI score0.00284EPSS
Exploits0References1
CVE
CVE
added 2023/11/12 10:1 p.m.42 views

CVE-2023-28497

CVE-2023-28497 affects the WordPress plugin Tribulant Slideshow Gallery LITE (versions

8.8CVSS7.2AI score0.00284EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/11/12 12:0 a.m.4 views

WordPress Plugin Slideshow Gallery LITE Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS6.6AI score0.00284EPSS
Exploits0References2
OSV
OSV
added 2023/10/31 9:15 a.m.4 views

CVE-2023-5434

The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

6.5CVSS5.9AI score0.00797EPSS
Exploits1References3
Prion
Prion
added 2023/10/31 9:15 a.m.19 views

Sql injection

The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

4CVSS7.1AI score0.00797EPSS
Exploits1References3Affected Software1
CNNVD
CNNVD
added 2023/10/31 12:0 a.m.7 views

WordPress Plugin Superb slideshow gallery SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

8.8CVSS7.7AI score0.00797EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/10/31 12:0 a.m.4 views

WordPress Plugin Up down image slideshow gallery SQL Injection Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

8.8CVSS7.7AI score0.0079EPSS
Exploits1References4
Patchstack
Patchstack
added 2023/10/30 12:0 a.m.20 views

WordPress Superb slideshow gallery Plugin <= 13.1 is vulnerable to SQL Injection

Software Superb slideshow gallery Type Plugin Vulnerable versions = 13.1 Fixed in 13.2 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5434 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 2f0f3b992f7b Credits István Márton Required privilege Contributo...

8.8CVSS6.8AI score0.00797EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2023/10/30 12:0 a.m.13 views

WordPress Up down image slideshow gallery Plugin <= 12.0 is vulnerable to SQL Injection

Software Up down image slideshow gallery Type Plugin Vulnerable versions = 12.0 Fixed in 12.1 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-5435 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 963fa79c0569 Credits István Márton Required privilege...

8.8CVSS6.8AI score0.0079EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.4 views

WordPress WordPress Slideshow Gallery Plugin – Easy Slideshow Plugin <= 1.2.1 is vulnerable to Cross Site Scripting (XSS)

Software WordPress Slideshow Gallery Plugin – Easy Slideshow Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID aecb415d5ce5 Credit...

6.4AI score0.00284EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/03/16 12:0 a.m.7 views

WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Slideshow Gallery Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-28497 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e4370ac72e5b Credits Rio Darmawan...

8.8CVSS6.7AI score0.00284EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/03/16 12:0 a.m.13 views

WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to SQL Injection

Software Slideshow Gallery Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28491 Patch priority Low CVSS severity Low 6.7 Developer Claim ownership PSID 9644393e25c7 Credits minhtuanact Required privilege Administrator...

7.2CVSS6.9AI score0.00762EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/11/23 8:15 p.m.4 views

CVE-2021-24882

The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

4.8CVSS5.8AI score0.00598EPSS
Exploits2References1
Prion
Prion
added 2021/11/23 8:15 p.m.12 views

Cross site scripting

The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed...

3.5CVSS4.7AI score0.00598EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2021/11/23 7:16 p.m.52 views

CVE-2021-24882

The CVE-2021-24882 entry describes a stored Cross-Site Scripting (XSS) vulnerability in the WordPress Slideshow Gallery plugin prior to 1.7.4. The root cause is the plugin’s failure to sanitize and escape the Slide Title, Slide Description, and Gallery Title fields, enabling attacker-controlled i...

4.8CVSS4.8AI score0.00598EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2021/11/23 12:0 a.m.5 views

WordPress 插件跨站脚本漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. WordPress Slideshow Gallery suffers from a...

4.8CVSS5.1AI score0.00598EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2021/10/25 12:0 a.m.17 views

Slideshow Gallery < 1.7.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed PoC Create/edit a Slide /wp-admin/admin.php?page=slideshow-slides and put...

4.8CVSS0.6AI score0.00598EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2021/10/25 12:0 a.m.23 views

WordPress Slideshow Gallery plugin <= 1.7.3 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Tyler Miller in WordPress Slideshow Gallery plugin versions = 1.7.3. Solution Update the WordPress Slideshow Gallery plugin to the latest available version at least 1.7.4...

4.8CVSS2.5AI score0.00598EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2021/10/25 12:0 a.m.556 views

Slideshow Gallery < 1.7.4 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml is disallowed Create/edit a Slide /wp-admin/admin.php?page=slideshow-slides and put the...

4.8CVSS0.4AI score0.00598EPSS
Exploits2
Rows per page
Query Builder