CVE-2018-18019

Name of the Vulnerable Software and Affected Versions Tribulant Slideshow Gallery plugin version 1.6.8

Description A security issue exists in the Tribulant Slideshow Gallery plugin for WordPress, allowing for XSS attacks. This is possible through the "wp-admin/admin.php?page=slideshow-slides&method=save" endpoint, specifically via the Slide[title], Slide[media file], or Slide[image url] parameters.

Recommendations For Tribulant Slideshow Gallery plugin version 1.6.8, consider updating to a newer version that addresses this issue, as using outdated versions poses a significant risk. As a temporary workaround, restrict access to the "wp-admin/admin.php?page=slideshow-slides&method=save" endpoint and avoid using the Slide[title], Slide[media file], or Slide[image url] parameters until a patch is available.