ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Slideshow Gallery Plugin <= 1.5.3 - Multiple Vulnerabilities

Product
Slideshow Gallery
Description
This plugin is prone to an arbitrary file upload and cross site scripting vulnerabilities. Authenticated administrators can upload arbitrary files and store HTML or JS codes because of them.
Solution
Update the plugin.
Classification
Type Multi
References
Cinu
CVE
Name CVE-N/A
Versions
Affected In <= 1.5.3
Fixed In 1.5.3.4
Disclosure date
2015-08-20
Credits
Marcin Probola
Submitter
ThreatPress