CVE-2022-1299 – Slideshow <= 2.3.1 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1299
The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. • https://wpscan.com/vulnerability/8c46adb1-82d7-4621-a8c3-15cd90e98b96 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2015-3634 – Slideshow 2.2.8 - 2.2.21 - Information Exposure
https://notcve.org/view.php?id=CVE-2015-3634
The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for WordPress allows remote attackers to read arbitrary WordPress option values. • http://www.openwall.com/lists/oss-security/2015/05/02/12 http://www.securityfocus.com/bid/74453 https://github.com/Boonstra/Slideshow/commit/cac505e593cbe70a4d8af5b639f5385d4cc7aa04 https://wordpress.org/plugins/slideshow-jquery-image-gallery/#developers • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor