VYPR

Slideshow Gallery

by WordPress

CVEs (19)

  • CVE-2018-18018CriApr 15, 2019
    risk 0.64cvss 9.8epss 0.02

    SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.

  • CVE-2017-1002015CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via selectMulGallery parameter.

  • CVE-2017-1002014CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection in image-gallery-with-slideshow/admin_setting.php via gallery_name parameter.

  • CVE-2017-1002013CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, Blind SQL Injection via imgid parameter in image-gallery-with-slideshow/admin_setting.php.

  • CVE-2017-1002012CriSep 14, 2017
    risk 0.64cvss 9.8epss 0.03

    Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, In image-gallery-with-slideshow/admin_setting.php the following snippet of code does not sanitize input via the gid variable before passing it into an SQL statement.

  • CVE-2024-31355HigApr 10, 2024
    risk 0.55cvss 8.5epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8.

  • CVE-2024-5543HigJun 12, 2024
    risk 0.53cvss 8.1epss 0.00

    The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. …

  • CVE-2023-28491MedDec 20, 2023
    risk 0.44cvss 6.7epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE.This issue affects Slideshow Gallery LITE: from n/a through 1.7.6.

  • CVE-2018-18019MedApr 15, 2019
    risk 0.40cvss 6.1epss 0.01

    XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter.

  • CVE-2018-18017MedApr 15, 2019
    risk 0.40cvss 6.1epss 0.01

    XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.

  • CVE-2018-17946MedOct 3, 2018
    risk 0.40cvss 6.1epss 0.01

    The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter.

  • CVE-2024-47376MedOct 5, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Slideshow Gallery slideshow-gallery allows Cross-Site Scripting (XSS).This issue affects Slideshow Gallery: from n/a through <= 1.8.3.

  • CVE-2023-28497MedNov 12, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions.

  • CVE-2017-1002011MedSep 14, 2017
    risk 0.35cvss 5.4epss 0.01

    Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, There is a stored XSS vulnerability via the $value->gallery_name and $value->gallery_description where anyone with privileges to modify or add galleries/images and inject javascript into the database.

  • CVE-2024-31353MedApr 10, 2024
    risk 0.34cvss 5.3epss 0.00

    Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8.

  • CVE-2021-24882MedNov 23, 2021
    risk 0.31cvss 4.8epss 0.01

    The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed

  • CVE-2024-31354MedApr 12, 2024
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8.

  • CVE-2014-5460Sep 11, 2014
    risk 0.09cvss epss 0.71

    Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in…

  • CVE-2026-2021Jun 18, 2026
    risk 0.00cvss epss 0.00

    The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This…