WordPress Plugin Vulnerabilities

Slideshow 2.2.8-2.2.21 - Option Value Disclosure

Description

The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function,
accessible by unauthenticated users as an AJAX action, can be abused
to force the disclosure of arbitrary Wordpress option values.

Affects Plugins

Plugin icon
slideshow-jquery-image-gallery
Fixed in 2.2.22

References

CVE
CVE-2015-3634
URL
https://github.com/Boonstra/Slideshow/commit/cac505e593cbe70a4d8af5b639f5385d4cc7aa04

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
ace88c8e-a69d-4f44-b68c-f53a9a909b6e

Timeline

Publicly Published
2015-05-02 (about 11 years ago)
Added
2015-05-03 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2023-01-30
Title
PrivateContent < 8.4.4 - Brute Force Protection Bypass
Published
2024-03-29
Title
VS Contact Form < 14.8 - CAPTCHA Bypass
Published
2022-08-08
Title
Stop Spam Comments <= 0.2.1.2 - Access Token Bypass
Published
2022-07-11
Title
YOP Poll < 6.4.3 - IP Spoofing
Published
2016-02-04
Title
User Meta Manager <= 3.4.6 - Privilege Escalation