69 matches found
CP Image Store with Slideshow <= 1.0.67 - SQL Injection
The CP Image Store with Slideshow WordPress plugin before 1.0.68 does not sanitise and escape the orderingby query parameter before using it in a SQL statement in pages where the codepeople-image-store is embed, allowing unauthenticated users to perform an SQL injection attack. id: CVE-2022-1692...
PT-2026-43521
The Content Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acces...
CVE-2026-1885
The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-1885
The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-1885 Slideshow Wp <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute
The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-1885
The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
CVE-2026-1885
The CVE-2026-1885 issue affects the WordPress Slideshow Wp plugin (versions up to 1.1). It is a Stored Cross-Site Scripting (XSS) vulnerability via the sswpid attribute of the sswp-slide shortcode, caused by insufficient input sanitization/output escaping. Exploitation requires authenticated acce...
WordPress plugin Slideshow Wp 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
PT-2026-7506
The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress Slideshow Wp plugin <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Slideshow Wp versions = 1.1...
CVE-2026-0684
The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpisadmininit' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and...
WordPress CP Image Store with Slideshow plugin <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Product Import vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Product Import vulnerability discovered by Kazuma Matsumoto - GMO Cybersecurity by IERAE, Inc. in WordPress Plugin CP Image Store with Slideshow versions = 1.1.9...
PT-2026-2636
The CP Image Store with Slideshow plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.9 due to a logic error in the 'cpis admin init' function's permission check. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2023-45051
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Gopi Ramasamy Image vertical reel scroll slideshow plugin = 9.0 versions...
CVE-2023-4604
The Slideshow, Image Slider by 2J plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘post’ parameter in versions up to, and including, 1.3.54 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
EUVD-2015-3672
Malware in sbrugna...
CVE-2025-9199
The Woo superb slideshow transition gallery with random effect plugin for WordPress is vulnerable to SQL Injection via the 'woo-superb-slideshow' shortcode in all versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on t...
EUVD-2023-49372
Malicious code in bioql PyPI...
WordPress GPP Slideshow plugin <= 1.3.5 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by HLog in WordPress Plugin GPP Slideshow versions = 1.3.5...
CVE-2023-22682
Reflected Cross-Site Scripting XSS vulnerability in Manuel Masia | Pixedelic.Com Camera slideshow plugin = 1.4.0.1 versions...