The plugin does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Create/edit a Slide (/wp-admin/admin.php?page=slideshow-slides) and put the following payload in the Title or Description fields:

Create/edit a Gallery (/wp-admin/admin.php?page=slideshow-galleries) and put the following payload in the Title field:

The XSS will be triggered in both the backend (Title field, in the Slide/Gallery list pages) and the frontend (in pages/posts where the Slide/Gallery is embedded).
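The fix for this class of bug is to sanitise the fields when they are saved and escape them at every point of output, regardless of whether the user holds unfiltered_html. The following is an added example of that pattern using WordPress core functions; it is not the plugin's own code, and the example_* function names and the $slide array layout are hypothetical.

```php
<?php
// Added example (not the slideshow-gallery plugin's code): sanitise on save,
// escape on output. Function names and data layout are hypothetical.

// Save handler for the admin slide/gallery edit form. Sanitising here applies
// to every user, including administrators: unfiltered_html is not consulted.
function example_save_slide( array $post_data ) {
    return array(
        // Title is plain text: strips tags, invalid UTF-8 and stray whitespace.
        'title'       => sanitize_text_field( wp_unslash( $post_data['title'] ?? '' ) ),
        // Description may carry limited markup; wp_kses_post() keeps only the
        // tags/attributes allowed in post content (no <script>, no on* handlers).
        'description' => wp_kses_post( wp_unslash( $post_data['description'] ?? '' ) ),
    );
}

// Backend: one row of the Slide/Gallery list table. Escape at output time,
// even though the value was sanitised on save (defence in depth).
function example_render_slide_row( array $slide ) {
    return sprintf(
        '<tr><td>%s</td><td>%s</td></tr>',
        esc_html( $slide['title'] ),          // HTML context
        wp_kses_post( $slide['description'] ) // allowed HTML only
    );
}

// Frontend: markup embedded in pages/posts. Attribute context needs esc_attr(),
// text context needs esc_html(); never echo the stored value unescaped.
function example_render_slide_frontend( array $slide ) {
    return sprintf(
        '<figure class="slide" data-title="%s"><figcaption>%s</figcaption><div>%s</div></figure>',
        esc_attr( $slide['title'] ),
        esc_html( $slide['title'] ),
        wp_kses_post( $slide['description'] )
    );
}
```

The save handler would normally also sit behind a nonce and a capability check; those are omitted here to keep the focus on the sanitise/escape pair.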
| CPE | Name | Operator | Version |
|---|---|---|---|
| | slideshow-gallery | lt | 1.7.4 |