Summary
| Detail | |||
|---|---|---|---|
| Vendor | Tribulant | First view | 2018-10-03 |
| Product | Slideshow Gallery | Last view | 2023-12-20 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:a:tribulant:slideshow_gallery:1.6.8:*:*:*:*:wordpress:*:* | 6 |
| cpe:2.3:a:tribulant:slideshow_gallery:*:*:*:*:*:wordpress:*:* | 4 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 7.2 | 2023-12-20 | CVE-2023-28491 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE.This issue affects Slideshow Gallery LITE: from n/a through 1.7.6. |
| 8.8 | 2023-11-12 | CVE-2023-28497 | Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <=Â 1.7.6 versions. |
| 4.8 | 2021-11-23 | CVE-2021-24882 | The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed |
| 6.1 | 2019-04-15 | CVE-2018-18019 | XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter. |
| 9.8 | 2019-04-15 | CVE-2018-18018 | SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. |
| 6.1 | 2019-04-15 | CVE-2018-18017 | XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter. |
| 6.1 | 2018-10-03 | CVE-2018-17946 | The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 57% (4) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
| 28% (2) | CWE-89 | Improper Sanitization of Special Elements used in an SQL Command ('... |
| 14% (1) | CWE-352 | Cross-Site Request Forgery (CSRF) |
