cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security research for slideshow-gallery
Jun 20, 2026

Slideshow Gallery LITE # CVE-2026-2021

CVE, Research URL

CVE-2026-2021

Date
Jun 18, 2026
Research Description
The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.8.6.
Status
vulnerable
Jun 16, 2026

Slideshow Gallery LITE # d38b76de9eff53e7335586a65b69e2495ddcee45

Date
Aug 20, 2015
Research Description
Slideshow Gallery LITE [slideshow-gallery] < 1.5.3.4
WordPress Slideshow Gallery Plugin <= 1.5.3 - Multiple Vulnerabilities
This plugin is prone to arbitrary file upload and cross-site scripting vulnerabilities. Authenticated administrators can upload arbitrary files and store HTML or JS code because of them. Update the plugin.
Affected versions
max 1.5.3.4.
Status
vulnerable

Slideshow Gallery LITE # 25704d9d14aa58b80f0ece05d7e37f9a46665d62

Date
Aug 20, 2015
Research Description
Slideshow Gallery LITE [slideshow-gallery] < 1.5.3.2
Slideshow Gallery <= 1.5.3.1 - Cross-Site Request Forgery to Arbitrary File Upload
The Slideshow Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.3.1. This is due to missing nonce validation on the save slideshow functionality. This makes it possible for unauthenticated attackers to upload arbitrary files, including PHP files, and inject malicious web scripts via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.5.3.2.
Status
vulnerable

Slideshow Gallery LITE # 1a1005d0815abcca89fb868f199bd3f3ff1b3a36

Date
Mar 15, 2023
Research Description
Slideshow Gallery LITE [slideshow-gallery] < 1.7.7
Slideshow Gallery LITE <= 1.7.6 - Authenticated (Admin+) SQL Injection
The Slideshow Gallery LITE plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in versions up to, and including, 1.7.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with administrator-level capabilities to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 1.7.7.
Status
vulnerable

Slideshow Gallery LITE # 4e783673e407b8349dd5bc41331afa7c16548a85

Date
Mar 15, 2023
Research Description
Slideshow Gallery LITE [slideshow-gallery] < 1.7.7
Slideshow Gallery LITE <= 1.7.6 - Cross-Site Request Forgery via admin_galleries
The Slideshow Gallery LITE plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the admin_galleries function. This makes it possible for unauthenticated attackers to delete galleries via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.7.7.
Status
vulnerable

Slideshow Gallery LITE # bdf963a1-c0f9-4af7-a67c-0c6d9d0b4ab1

Date
-
Research Description
Slideshow Gallery LITE [slideshow-gallery] < 1.6.5
Tribulant Slideshow Gallery <= 1.6.4 - Authenticated Cross-Site Scripting (XSS)
The Slideshow Gallery WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.
Affected versions
max 1.6.5.
Status
vulnerable

Slideshow Gallery LITE # f161974c-36bb-4fe7-bbf8-283cfe9d66ca

Date
-
Research Description
Slideshow Gallery LITE [slideshow-gallery] < 1.5.3.4
Tribulant Slideshow Gallery <= 1.5.3 - Arbitrary file upload & Cross-Site Scripting (XSS)
The Slideshow Gallery WordPress plugin was affected by an Arbitrary file upload & Cross-Site Scripting (XSS) security vulnerability.
Affected versions
max 1.5.3.4.
Status
vulnerable

Slideshow Gallery LITE # 0bb93115de69308a3a0e5bba1f6ed566a38c4422

Date
Sep 01, 2014
Research Description
Slideshow Gallery LITE [slideshow-gallery] < 1.4.7
WordPress Slideshow Gallery Plugin 1.4.6 - Shell Upload
The Slideshow Gallery plugin is prone to a shell upload vulnerability. It allows an attacker to upload any PHP file remotely to the vulnerable website. Upgrade the plugin.
Affected versions
max 1.4.7.
Status
vulnerable

Slideshow Gallery LITE # b1d3b598be2787a2930b630f538fbc269cadd4c3

Date
Mar 21, 2016
Research Description
Slideshow Gallery LITE [slideshow-gallery] < 1.6.1
Slideshow Gallery <= 1.6 - Cross-Site Scripting
The Slideshow Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘order’ parameter in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.6.1.
Status
vulnerable

Slideshow Gallery LITE # ca8a54471d1804f3e6067d9e9ff8d5c7582d71d8

Date
Mar 01, 2017
Research Description
Slideshow Gallery LITE [slideshow-gallery] < 1.6.6
Slideshow Gallery <= 1.6.5 - Cross-Site Scripting via method
The Slideshow Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'method' parameter in versions up to, and including, 1.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.6.6.
Status
vulnerable

Slideshow Gallery LITE # 09b3f15aa12336353deea6b6f1f4fe0ce56c7727

Date
Aug 20, 2015
Research Description
Slideshow Gallery LITE [slideshow-gallery] < 1.5.3.4
Slideshow Gallery <= 1.5.3.2 - Reflected Cross-Site Scripting
The Slideshow Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘Gallerymessage’ parameter in versions up to, and including, 1.5.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.5.3.4.
Status
vulnerable

Slideshow Gallery LITE # 75b6ebd530e86cfd8b60f44fd92b844693be687e

Date
Mar 15, 2023
Research Description
Slideshow Gallery LITE [slideshow-gallery] < 1.7.7
Slideshow Gallery LITE <= 1.7.6 - Cross-Site Request Forgery via admin_slides
The Slideshow Gallery LITE plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the admin_slides function. This makes it possible for unauthenticated attackers to delete slides via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.7.7.
Status
vulnerable
Oct 03, 2024

Slideshow Gallery LITE # CVE-2024-47376

CVE, Research URL

CVE-2024-47376

Date
Oct 05, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tribulant Software Slideshow Gallery slideshow-gallery allows Cross-Site Scripting (XSS). This issue affects Slideshow Gallery: from n/a through <= 1.8.3.
Affected versions
max 1.8.4.
Status
vulnerable
Jun 14, 2024

Slideshow Gallery LITE # CVE-2024-5543

CVE, Research URL

CVE-2024-5543

Date
Jun 12, 2024
Research Description
The Slideshow Gallery LITE plugin for WordPress is vulnerable to time-based SQL Injection via the id parameter in all versions up to, and including, 1.8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 1.8.2.
Status
vulnerable
Jun 06, 2024

Slideshow Gallery LITE # CVE-2018-18017

CVE, Research URL

CVE-2018-18017

Date
Apr 16, 2019
Research Description
XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.
Affected versions
max 1.6.9.
Status
vulnerable

Slideshow Gallery LITE # CVE-2018-18018

CVE, Research URL

CVE-2018-18018

Date
Apr 16, 2019
Research Description
SQL Injection exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-galleries&method=save Gallery[id] or Gallery[title] parameter.
Affected versions
max 1.6.9.
Status
vulnerable

Slideshow Gallery LITE # CVE-2018-18019

CVE, Research URL

CVE-2018-18019

Date
Apr 16, 2019
Research Description
XSS exists in the Tribulant Slideshow Gallery plugin 1.6.8 for WordPress via the wp-admin/admin.php?page=slideshow-slides&method=save Slide[title], Slide[media_file], or Slide[image_url] parameter.
Affected versions
max 1.6.9.
Status
vulnerable

Slideshow Gallery LITE # CVE-2014-5460

CVE, Research URL

CVE-2014-5460

Date
Sep 11, 2014
Research Description
Unrestricted file upload vulnerability in the Tribulant Slideshow Gallery plugin before 1.4.7 for WordPress allows remote authenticated users to execute arbitrary code by uploading a PHP file, then accessing it via a direct request to the file in wp-content/uploads/slideshow-gallery/.
Affected versions
max 1.4.7.
Status
vulnerable

Slideshow Gallery LITE # CVE-2021-24882

CVE, Research URL

CVE-2021-24882

Date
Nov 24, 2021
Research Description
The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed.
Affected versions
max 1.7.4.
Status
vulnerable

Slideshow Gallery LITE # CVE-2018-17946

CVE, Research URL

CVE-2018-17946

Date
Oct 03, 2018
Research Description
The Tribulant Slideshow Gallery plugin before 1.6.6.1 for WordPress has XSS via the id, method, Gallerymessage, Galleryerror, or Galleryupdated parameter.
Affected versions
max 1.6.6.1.
Status
vulnerable

Slideshow Gallery LITE # CVE-2023-28491

CVE, Research URL

CVE-2023-28491

Date
Dec 20, 2023
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery LITE. This issue affects Slideshow Gallery LITE: from n/a through 1.7.6.
Affected versions
max 1.7.7.
Status
vulnerable

Slideshow Gallery LITE # CVE-2024-31354

CVE, Research URL

CVE-2024-31354

Date
Apr 12, 2024
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8.
Affected versions
max 1.7.9.
Status
vulnerable

Slideshow Gallery LITE # CVE-2024-31355

CVE, Research URL

CVE-2024-31355

Date
Apr 10, 2024
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8.
Affected versions
max 1.7.9.
Status
vulnerable

Slideshow Gallery LITE # CVE-2024-31353

CVE, Research URL

CVE-2024-31353

Date
Apr 10, 2024
Research Description
Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery. This issue affects Slideshow Gallery: from n/a through 1.7.8.
Affected versions
max 1.8.1.
Status
vulnerable

Slideshow Gallery LITE # CVE-2023-28497

CVE, Research URL

CVE-2023-28497

Date
Nov 13, 2023
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Tribulant Slideshow Gallery LITE plugin <= 1.7.6 versions.
Affected versions
max 1.7.7.
Status
vulnerable