cleantalk
Vulnerabilities and Security Researches

Slideshow Gallery LITE, 75b6ebd530e86cfd8b60f44fd92b844693be687e

CVE, Research URL

75b6ebd530e86cfd8b60f44fd92b844693be687e

Home page URL

Security reports for Slideshow Gallery LITE

Application

Slideshow Gallery LITE

Published on
Mar 15, 2023
Research Description
Slideshow Gallery LITE [slideshow-gallery] < 1.7.7 Slideshow Gallery LITE <= 1.7.6 - Cross-Site Request Forgery via admin_slides The Slideshow Gallery LITE plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the admin_slides function. This makes it possible for unauthenticated attackers to delete slides via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.7.7.
Status
vulnerable
Previous vulnerability researches
Left right image slideshow gallery (CVE-2023-5431) , Jun 10, 2024
Up down image slideshow gallery (CVE-2023-5435) , Jun 10, 2024
Vertical scroll slideshow gallery v2 (CVE-2025-49897) , Aug 18, 2025
drop in image slideshow gallery (CVE-2024-51914) , Nov 12, 2024
Vertical scroll image slideshow gallery (CVE-2025-5752) , Jul 18, 2025
New vulnerability
Simple File List (CVE-2026-11911) , Jun 21, 2026
Simple File List (CVE-2026-12119) , Jun 21, 2026
Simple File List (CVE-2026-11912) , Jun 21, 2026
WP Hotel Booking (CVE-2026-9822) , Jun 21, 2026
Branda – White Label WordPress, Custom Login Page Customizer (CVE-2026-11551) , Jun 21, 2026