Slideshow 2.2.8-2.2.21 - Option Value Disclosure

2015-05-02T00:00:00
ID WPVDB-ID:ACE88C8E-A69D-4F44-B68C-F53A9A909B6E
Type wpvulndb
Reporter ethicalhack3r
Modified 2020-09-22T07:07:52

Description

The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function, accessible by unauthenticated users as an AJAX action, can be abused to force the disclosure of arbitrary Wordpress option values.