WordPress Plugin Vulnerabilities

Slideshow Gallery <= 1.6.8 - XSS and SQLi

Description

The Slideshow Gallery WordPress plugin was affected by a XSS and SQLi security vulnerability.

Affects Plugins

Plugin icon
slideshow-gallery
Fixed in 1.6.9

References

CVE
CVE-2018-18017
CVE
CVE-2018-18018
CVE
CVE-2018-18019
URL
https://plugins.trac.wordpress.org/changeset?reponame=&new=1974812%40slideshow-gallery&old=1907382%40slideshow-gallery
URL
https://ansawaf.blogspot.com/2019/04/xss-and-sqli-in-slideshow-gallery.html

Miscellaneous

Verified
No
WPVDB ID
57216d76-7cba-477e-a6b5-1e409913a0fc

Timeline

Publicly Published
2018-11-15 (about 7 years ago)
Added
2019-06-18 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2018-03-11
Title
Bbp Move Topics < 1.1.6 - Code Injection & CSRF
Published
2017-10-10
Title
My WP Translate < 1.0.4 - CSRF & XSS
Published
2017-11-13
Title
Formidable Forms < 2.05.03 - Multiple Vulnerabilities
Published
2016-05-13
Title
WP Editor < 1.2.6 - CSRF & Incorrect Permissions
Published
2016-03-11
Title
DZS Videogallery Plugin <= 8.60 - Multiple Vulnerabilities