The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function, accessible by unauthenticated users as an AJAX action, can be abused to force the disclosure of arbitrary Wordpress option values.
CPE | Name | Operator | Version |
---|---|---|---|
slideshow-jquery-image-gallery | lt | 2.2.22 |