Skip to main content

Slideshow

4 CVEs product

Monthly

CVE-2022-1299 MEDIUM POC This Month

The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Slideshow
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2015-3634 HIGH PATCH This Week

The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Slideshow
NVD GitHub
CVSS 3.0
7.5
EPSS
2.1%
CVE-2016-1000118 HIGH POC This Week

XSS & SQLi in HugeIT slideshow v1.0.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Slideshow
NVD
CVSS 3.0
7.2
EPSS
2.0%
CVE-2016-1000117 HIGH POC This Week

XSS & SQLi in HugeIT slideshow v1.0.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Slideshow
NVD
CVSS 3.0
7.2
EPSS
2.0%
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Slideshow
NVD WPScan
EPSS 2% CVSS 7.5
HIGH PATCH This Week

The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

WordPress Information Disclosure Slideshow
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC This Week

XSS & SQLi in HugeIT slideshow v1.0.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Slideshow
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

XSS & SQLi in HugeIT slideshow v1.0.4. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Slideshow
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy