Cross-Site Scripting Vulnerability in Tribulant Slideshow Gallery Plugin for WordPress
CVE-2018-18017
6.1MEDIUM
What is CVE-2018-18017?
The Tribulant Slideshow Gallery plugin version 1.6.8 for WordPress has a Cross-Site Scripting (XSS) vulnerability. This arises from improper handling of user input, specifically in the wp-admin/admin.php interface, where parameters like Gallery[id] or Gallery[title] can be manipulated to inject malicious scripts. This could potentially allow an attacker to execute harmful code in a user's browser, leading to unauthorized actions or data theft.