CVE-2020-36729

The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twojslideshowsetup' function called via the wpajaxtwojslideshowsetup AJAX action in versions up to, and including, 1.3.31. This makes it possible for authenticated attackers...

WordPress Plugin 2J-SlideShow 授权问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2023-11871 · WordPress · 2J-Slideshow Plugin

Name of the Vulnerable Software and Affected Versions: 2J-SlideShow Plugin for WordPress versions up to, and including, 1.3.31 Description: The issue is related to authorization bypass due to a missing capability check on the twoj slideshow setup function. This function is called via the "wp ajax...

2J SlideShow < 1.3.40 - Authenticated Arbitrary Plugin Deactivation

Description Lack of authorisation checks in the twojslideshowsetup function registered as an AJAX call could allow authenticated users with low privileges to deactivate arbitrary plugins...