WordPress Plugin Vulnerabilities

Slideshow Gallery <= 1.6.5 - Multiple Authenticated Cross-Site Scripting (XSS)

Description

The Slideshow Gallery WordPress plugin was affected by a Multiple Authenticated Cross-Site Scripting (XSS) security vulnerability.

Proof of Concept

Affects Plugins

Plugin icon
slideshow-gallery
Fixed in 1.6.6

References

CVE
CVE-2018-17946
URL
https://packetstormsecurity.com/files/#142079/
URL
https://www.defensecode.com/advisories/DC-2017-01-014_WordPress_Tribulant_Slideshow_Gallery_Plugin_Advisory.pdf

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Submitter
Neven Biruski
Submitter website
http://www.defensecode.com
Submitter twitter
DefenseCode
Verified
No
WPVDB ID
a9056033-97c7-4753-822f-faf99f4081e2

Timeline

Publicly Published
2017-04-10 (about 9 years ago)
Added
2017-04-11 (about 9 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2014-08-01
Title
WordPress-to-Lead for Salesforce CRM 1.0 - salesforce.php Multiple Parameter XSS
Published
2024-03-13
Title
Elementor Addons by Livemesh < 8.3.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Posts Carousel Widget
Published
2024-08-16
Title
Purity Of Soul <= 1.9 - Reflected Cross-Site Scripting
Published
2026-03-25
Title
Complianz – GDPR/CCPA Cookie Consent < 7.4.5 - Contributor+ Stored XSS via Content Filter
Published
2020-12-18
Title
Simple Social Buttons < 3.2.0 - Reflected Cross-Site Scripting