CVE-2018-18017

Name of the Vulnerable Software and Affected Versions Tribulant Slideshow Gallery plugin version 1.6.8

Description A security issue exists in the Tribulant Slideshow Gallery plugin for WordPress, allowing for XSS attacks. This is possible via the "wp-admin/admin.php?page=slideshow-galleries&method=save" endpoint, specifically through the Gallery[id] or Gallery[title] parameters.

Recommendations For version 1.6.8, consider disabling the save functionality in the slideshow-galleries page until a patch is available. Restrict access to the "wp-admin/admin.php?page=slideshow-galleries&method=save" endpoint to minimize the risk of exploitation. Avoid using the Gallery[id] and Gallery[title] parameters in this endpoint until the issue is resolved.