cleantalk
Vulnerabilities and Security Researches

SlideShowPro SC, CVE-2026-5767

CVE, Research URL

CVE-2026-5767

Home page URL

Security reports for SlideShowPro SC

Application

SlideShowPro SC

Published on
Apr 22, 2026
Research Description
The SlideShowPro SC plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `slideShowProSC` shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 1.0.2.
Status
vulnerable
Previous vulnerability researches
DethemeKit For Elementor (CVE-2025-32260) , Apr 10, 2025
DethemeKit For Elementor (CVE-2025-26772) , Feb 19, 2025
DethemeKit For Elementor (CVE-2024-5418) , Jun 06, 2024
DethemeKit For Elementor (CVE-2024-34575) , Jun 06, 2024
DethemeKit For Elementor (CVE-2024-32508) , Jun 06, 2024
New vulnerability
Popup Anything – Popup for opt-ins and Lead Generation Conversions (CVE-2026-6443) , Apr 24, 2026
WPZOOM Addons for Elementor (Templates, Widgets) (CVE-2026-39597) , Apr 24, 2026
Breaking News WP (CVE-2026-4280) , Apr 24, 2026
Countdown Timer Ultimate (CVE-2026-6443) , Apr 24, 2026
WP User Frontend – Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submiss (CVE-2025-58673) , Apr 24, 2026