The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide “Title”, “Description”, and Gallery “Title” fields, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CPE

Name | Operator | Version |
---|---|---|
slideshow_gallery | lt | 1.7.4 |