Vulnerabilities and security researches forwp-skitter-slideshow wp-skitter-slideshow

Aug 18, 2024

CVE, Research URL: CVE-2022-1751
Home page URL: Security reports for Skitter Slideshow
Application: Skitter Slideshow
Date: Aug 17, 2024
Research Description: The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Affected versions: Min -, max -.
Status: vulnerable

Mar 13, 2025

CVE, Research URL: CVE-2025-28906
Home page URL: Security reports for Skitter Slideshow
Application: Skitter Slideshow
Date: Mar 12, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thiago S.F. Skitter Slideshow allows Stored XSS. This issue affects Skitter Slideshow: from n/a through 2.5.2.
Affected versions: Min -, max -.
Status: vulnerable