CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-31353 – WordPress Slideshow Gallery LITE plugin <= 1.7.8 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-31353
07 Apr 2024 — Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8. Vulnerabilidad de inserción de información confidencial en el archivo de registro en Tribulant Slideshow Gallery. Este problema afecta a Slideshow Gallery: desde n/a hasta 1.7.8. The Slideshow Gallery LITE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8. This makes it possible for unauthentic... • https://patchstack.com/database/vulnerability/slideshow-gallery/wordpress-slideshow-gallery-lite-plugin-1-7-8-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28491 – WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to SQL Injection
https://notcve.org/view.php?id=CVE-2023-28491
15 Mar 2023 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE.This issue affects Slideshow Gallery LITE: from n/a through 1.7.6. La neutralización incorrecta de elementos especiales utilizados en una vulnerabilidad de comando SQL ("Inyección SQL") en Tribulant Slideshow Gallery LITE. Este problema afecta a Slideshow Gallery LITE: desde n/a hasta 1.7.6. The Slideshow Gallery LITE plugin for WordPress is vulnerable to SQL Injection via t... • https://patchstack.com/database/vulnerability/slideshow-gallery/wordpress-slideshow-gallery-lite-plugin-1-7-6-sql-injection?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28497 – WordPress Slideshow Gallery Plugin <= 1.7.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28497
15 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Tribulant Slideshow Gallery LITE en versiones <= 1.7.6. The Slideshow Gallery LITE plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the admin_slides function. This makes it possible for unauthenticated attackers to d... • https://patchstack.com/database/vulnerability/slideshow-gallery/wordpress-slideshow-gallery-lite-plugin-1-7-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24882 – Slideshow Gallery < 1.7.4 - Admin+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24882
25 Oct 2021 — The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed El plugin Slideshow Gallery de WordPress versiones anteriores a 1.7.4, no sanea ni escapa de los campos "Title" de la diapositiva, "Description" y "Title" de la galería, que podría permitir a usuarios con privilegios elevados llevar a cabo ataque... • https://wpscan.com/vulnerability/6d71816c-8267-4b84-9087-191fbb976e72 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18017 – Slideshow Gallery <= 1.6.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-18017
04 Oct 2018 — XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. El plugin Tribulant Slideshow Gallery 1.6.8 para WordPress es vulnerable a un Cross-site scripting (XSS) a través del parámetro wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] o Gallery[title]. • https://ansawaf.blogspot.com/2019/04/xss-and-sqli-in-slideshow-gallery.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18018 – Slideshow Gallery <= 1.6.8 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-18018
04 Oct 2018 — SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. El plugin Tribulant Slideshow Gallery 1.6.8 para WordPress es vulnerable a una inyección SQL a través del parámetro wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] o Gallery[title]. • https://ansawaf.blogspot.com/2019/04/xss-and-sqli-in-slideshow-gallery.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18019 – Slideshow Gallery <= 1.6.8 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-18019
04 Oct 2018 — XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter. El plugin Tribulant Slideshow Gallery 1.6.8 para WordPress es vulnerable a un Cross-site scripting (XSS) a través del parámetro wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], o Slide[image_url]. • https://ansawaf.blogspot.com/2019/04/xss-and-sqli-in-slideshow-gallery.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-17946 – Slideshow Gallery <= 1.6.5 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-17946
10 Apr 2017 — The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter. El plugin Tribulant Slideshow Gallery en versiones anteriores a la 1.6.6.1 para WordPress tiene Cross-Site Scripting (XSS) mediante los parámetros id, method, Gallerymessage, Galleryerror o Galleryupdated. The Tribulant Slideshow Gallery plugin before 1.6.6 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter... • http://www.defensecode.com/advisories/DC-2017-01-014_WordPress_Tribulant_Slideshow_Gallery_Plugin_Advisory.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 64%CPEs: 7EXPL: 11CVE-2014-5460 – Slideshow Gallery < 1.4.7 - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2014-5460
29 Aug 2014 — Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/. Vulnerabilidad de la subida de ficheros sin restricciones en el plugin Tribulant Slideshow Gallery anterior a 1.4.7 para WordPress permite a usuarios remotos autenticados ejecutar código arbitrario mediante la subida de un fic... • https://packetstorm.news/files/id/128270 • CWE-20: Improper Input Validation CWE-434: Unrestricted Upload of File with Dangerous Type •