CVE-2026-5767

Name of the Vulnerable Software and Affected Versions SlideShowPro SC versions prior to 1.0.3

Description The SlideShowPro SC plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user supplied attributes within the slideShowProSC shortcode. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages, which then execute when a user visits the affected page.

Recommendations Update the plugin to a version later than 1.0.2.