CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37246 – WordPress Gallery Slideshow plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-37246
25 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jethin Gallery Slideshow allows Stored XSS.This issue affects Gallery Slideshow: from n/a through 1.4.1. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en Jethin Gallery Slideshow permite XSS almacenado. Este problema afecta a Gallery Slideshow: desde n/a hasta 1.4.1. The Gallery Slideshow plugin for WordPress is vulnerabl... • https://patchstack.com/database/vulnerability/gallery-slideshow/wordpress-gallery-slideshow-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35778 – WordPress Slideshow SE plugin <= 2.5.17 - Auth. Limited Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2024-35778
19 Jun 2024 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through 2.5.17. La limitación inadecuada de un nombre de ruta a una vulnerabilidad de directorio restringido ("Path Traversal") en John West Slideshow SE permite la inclusión de archivos locales PHP. Este problema afecta a Slideshow SE: desde n/a hasta 2.5.17. The Slideshow SE plugin for WordPress is vulnerable to Local File... • https://patchstack.com/database/vulnerability/slideshow-se/wordpress-slideshow-se-plugin-2-5-17-author-limited-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-35769 – WordPress Slideshow SE plugin <= 2.5.17 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-35769
18 Jun 2024 — Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in John West Slideshow SE allows Stored XSS.This issue affects Slideshow SE: from n/a through 2.5.17. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web (XSS o 'Cross-site Scripting') en John West Slideshow SE permite XSS Almacenado. Este problema afecta a Slideshow SE: desde n/a hasta 2.5.17. The Slideshow SE plugin for WordPress is vulnerable to Stored Cr... • https://patchstack.com/database/vulnerability/slideshow-se/wordpress-slideshow-se-plugin-2-5-17-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-23717 – WordPress Portfolio Slideshow Plugin <= 1.13.0 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2023-23717
17 Feb 2023 — Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in George Gecewicz Portfolio Slideshow plugin <= 1.13.0 versions. The Portfolio Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.13.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in page... • https://patchstack.com/database/vulnerability/portfolio-slideshow/wordpress-portfolio-slideshow-plugin-1-13-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-41554 – WordPress Slideshow SE Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-41554
28 Oct 2022 — Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow SE plugin <= 2.5.5 versions. The Slideshow SE plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Stored Cross-Site Scripting (XSS) ... • https://patchstack.com/database/vulnerability/slideshow-se/wordpress-slideshow-se-plugin-2-5-5-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-43461 – WordPress Slideshow SE Plugin <= 2.5.5 is vulnerable to Cross Site Scripting (XSS)
https://notcve.org/view.php?id=CVE-2022-43461
28 Oct 2022 — Stored Cross-Site Scripting (XSS) vulnerability in John West Slideshow SE plugin <= 2.5.5 versions. The Slideshow SE plugin for WordPress is vulnerable to Stored Cross-Site Scripting in certain plugin configurations in versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected pag... • https://patchstack.com/database/vulnerability/slideshow-se/wordpress-slideshow-se-plugin-2-5-5-auth-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1299 – Slideshow <= 2.3.1 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1299
09 May 2022 — The Slideshow WordPress plugin through 2.3.1 does not sanitize and escape some of its default slideshow settings, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed El plugin Slideshow de WordPress versiones hasta 2.3.1, no sanea ni escapa de algunos de sus ajustes de presentación por defecto, lo que podría permitir a usuarios con altos privilegios, como el administrador, llevar a cabo ataques de tipo Cross-Sit... • https://wpscan.com/vulnerability/8c46adb1-82d7-4621-a8c3-15cd90e98b96 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 2%CPEs: 14EXPL: 0CVE-2015-3634 – Slideshow 2.2.8 - 2.2.21 - Information Exposure
https://notcve.org/view.php?id=CVE-2015-3634
02 May 2015 — The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values. La función SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX en el plugin Slideshow, versiones de la 2.2.8 a la 2.2.21 parar Wordpress permite a atacantes remotos leer valores de opciones de WordPress arbitrarias. • http://www.openwall.com/lists/oss-security/2015/05/02/12 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •