CVE-2026-1885 Slideshow Wp <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sswp-slide' Shortcode 'sswpid' Attribute

The Slideshow Wp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sswpid' attribute of the 'sswp-slide' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2026-1885

The CVE-2026-1885 issue affects the WordPress Slideshow Wp plugin (versions up to 1.1). It is a Stored Cross-Site Scripting (XSS) vulnerability via the sswpid attribute of the sswp-slide shortcode, caused by insufficient input sanitization/output escaping. Exploitation requires authenticated acce...

CVE-2023-5413

The Image horizontal reel scroll slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ihrss-gallery' shortcode in versions up to, and including, 13.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2022-1335

The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...

WordPress plugin WP Simple Slideshow 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Slideshow Gallery Plugin <= 1.8.3 is vulnerable to Cross Site Scripting (XSS)

Software Slideshow Gallery Type Plugin Vulnerable versions = 1.8.3 Fixed in 1.8.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-47376 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID da732a2224b9 Credits Hakiduck Required privilege...

WordPress Slideshow SE Plugin <= 2.5.17 is vulnerable to Local File Inclusion

Software Slideshow SE Type Plugin Vulnerable versions = 2.5.17 Fixed in 2.5.18 OWASP Top 10 A1: Broken Access Control Classification Local File Inclusion CVE CVE-2024-35778 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 7958c856162d Credits João Pedro S Alcântara Kinorth...

WordPress Slideshow SE Plugin <= 2.5.20 is vulnerable to Cross Site Scripting (XSS)

Software Slideshow SE Type Plugin Vulnerable versions = 2.5.20 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35769 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 5064bdc28526 Credits Steven Julian Required privilege Author...

WordPress Slideshow Gallery Plugin <= 1.7.8 is vulnerable to SQL Injection

Software Slideshow Gallery Type Plugin Vulnerable versions = 1.7.8 Fixed in 1.7.9 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-31355 Patch priority Low CVSS severity Low 8.5 Developer Claim ownership PSID 6b8a2fec8ee3 Credits LVT-tholv2k Required privilege Contributor...

WordPress Slideshow Gallery Plugin <= 1.7.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software Slideshow Gallery Type Plugin Vulnerable versions = 1.7.8 Fixed in 1.7.9 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31354 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID fa0ba59d923d Credits Ananda Dhakal...

WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to SQL Injection

Software Slideshow Gallery Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A1: Injection Classification SQL Injection CVE CVE-2023-28491 Patch priority Low CVSS severity Low 6.7 Developer Claim ownership PSID 9644393e25c7 Credits minhtuanact Required privilege Administrator...

WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Slideshow Gallery Type Plugin Vulnerable versions = 1.7.6 Fixed in 1.7.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-28497 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID e4370ac72e5b Credits Rio Darmawan...

WordPress plugin Slideshow CK 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is an application plugin. cross-site scripting...

WordPress plugin Slideshow 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The WordPress plugin is an application plugin. WordPress Slideshow plugin 2.3.1 and earlier versions have a cross-site scripting vulnerability...

WordPress Slideshow plugin <= 2.3.1 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by Fayçal CHENA in WordPress Slideshow plugin versions = 2.3.1. Solution Deactivate and delete. This plugin has been closed as of April 11, 2022 and is not available for download. This closure is temporary, pending a full review...

WordPress Slideshow Gallery Plugin < 1.6.9 Multiple Vulnerabilities

The WordPress plugin Copyright C 2019 Greenbone Networks GmbH SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the...

WordPress Slideshow Gallery 1.4.6 Shell Upload

!/usr/bin/env python WordPress Slideshow Gallery 1.4.6 Shell Upload Exploit WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability CVE-2014-5460 Vulnerability discovered by: Jesus Ramirez Pichardo - http://whitexploit.blogspot.mx/ Exploit written by:...

WordPress Slideshow Gallery Plugin 1.4.6 - Shell Upload Vulnerability

No description provided by source. Summary: WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability. Found by: Jesus Ramirez Pichardo @whitexploit http://whitexploit.blogspot.mx/ Date: 2014-08-28 Vendor Homepage: http://tribulant.com/ Software: Slideshow...