Cross-Site Scripting Vulnerability in Tribulant Slideshow Gallery Plugin for WordPress
CVE-2018-18019
6.1MEDIUM
What is CVE-2018-18019?
The Tribulant Slideshow Gallery plugin for WordPress is susceptible to a Cross-Site Scripting (XSS) vulnerability. This issue arises when unsanitized input is accepted in specific parameters, such as Slide[title], Slide[media_file], and Slide[image_url], via the wp-admin/admin.php?page=slideshow-slides&method=save endpoint. Attackers could exploit this vulnerability to inject malicious scripts, potentially compromising site security and user data integrity.