CVE-2023-22682

Reflected Cross-Site Scripting XSS vulnerability in Manuel Masia | Pixedelic.Com Camera slideshow plugin = 1.4.0.1 versions...

CVE-2023-44242

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in 2J Slideshow Team Slideshow, Image Slider by 2J plugin = 1.3.54 versions...

CVE-2023-5438

The wp image slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 12.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2023-5413

The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2022-1692

The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the orderingby query parameter before using it in a SQL statement in pages where the codepeople-image-store is embed, allowing unauthenticated users to perform an SQL injection attack...

CVE-2022-1335

The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...

CVE-2025-31444 WordPress ShowTime Slideshow plugin <= 1.6 - Cross Site Request Forgery (CSRF) to Stored XSS vulnerability

Cross-Site Request Forgery CSRF vulnerability in youtag ShowTime Slideshow showtime-slideshow allows Stored XSS.This issue affects ShowTime Slideshow: from n/a through = 1.6...

WordPress plugin WP Simple Slideshow 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress WP Simple Slideshow Plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k in WordPress Plugin WP Simple Slideshow versions = 1.0...

CVE-2022-1751

The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and ca...

CVE-2024-9839

The The Uix Slideshow plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes it possible for...

WordPress plugin SH Slideshow 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2023-5413

The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2023-5464

The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2023-5434

The Superb slideshow gallery plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 13.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2023-45051

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Image vertical reel scroll slideshow plugin = 9.0 versions...

CVE-2023-45051

CVE-2023-45051 is an Auth. (admin+) Stored XSS in the WordPress plugin “Image vertical reel scroll slideshow.” The vulnerability affects the plugin’s image slideshow function and is caused by insufficient escaping/validation of inputs, permitting stored XSS when an admin with unfiltered HTML cont...

CVE-2023-44242

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in 2J Slideshow Team Slideshow, Image Slider by 2J plugin = 1.3.54 versions...

CVE-2020-36729 Slideshow, Image Slider by 2J <= 1.3.31 - Authorization Bypass

The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twojslideshowsetup' function called via the wpajaxtwojslideshowsetup AJAX action in versions up to, and including, 1.3.31. This makes it possible for authenticated attackers...

PT-2023-11871 · WordPress · 2J-Slideshow Plugin

Name of the Vulnerable Software and Affected Versions: 2J-SlideShow Plugin for WordPress versions up to, and including, 1.3.31 Description: The issue is related to authorization bypass due to a missing capability check on the twoj slideshow setup function. This function is called via the "wp ajax...