cleantalk
Vulnerabilities and Security Researches

Slider a SlidersPack – Image Slider, Post Slider, ACF Gallery Slider, CVE-2022-46845

CVE, Research URL

CVE-2022-46845

Home page URL

Security reports for Slider a SlidersPack – Image Slider, Post Slider, ACF Gallery Slider

Application

Slider a SlidersPack – Image Slider, Post Slider, ACF Gallery Slider

Published on
-
Research Description
The Slider a SlidersPack plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the wp_spaios_save_attachment_data and wp_spaios_get_attachment_edit_form functions in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to modify and retrieve the metadata of an arbitrary WordPress Media Library attachment.
Affected versions
Min -, max 2.0.2.
Status
vulnerable
Previous vulnerability researches
Slider a SlidersPack – Image Slider, Post Slider, ACF Gallery Slider (CVE-2022-46845) , Jun 10, 2024
Slider a SlidersPack – Image Slider, Post Slider, ACF Gallery Slider (CVE-2025-32152) , Apr 06, 2025
Slider a SlidersPack – Image Slider, Post Slider, ACF Gallery Slider (bc6356e177f864c0ee8ec329d0cba714cdf9cd32) , Jun 06, 2024
New vulnerability
Integration for WooCommerce and QuickBooks (CVE-2025-39600) , Apr 18, 2025
GB Gallery Slideshow (CVE-2025-32649) , Apr 18, 2025
Question Answer (CVE-2025-32646) , Apr 18, 2025
PropertyHive (CVE-2025-39577) , Apr 18, 2025
WP-BusinessDirectory – Business directory plugin for WordPress (CVE-2025-32630) , Apr 18, 2025