CVE-2015-3634

The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
VendorProductVersion
slideshow_projectslideshow
2.2.8
slideshow_projectslideshow
2.2.9
slideshow_projectslideshow
2.2.10
slideshow_projectslideshow
2.2.11
slideshow_projectslideshow
2.2.12
slideshow_projectslideshow
2.2.13
slideshow_projectslideshow
2.2.14
slideshow_projectslideshow
2.2.15
slideshow_projectslideshow
2.2.16
slideshow_projectslideshow
2.2.17
slideshow_projectslideshow
2.2.18
slideshow_projectslideshow
2.2.19
slideshow_projectslideshow
2.2.20
slideshow_projectslideshow
2.2.21
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/05/02/12
http://www.securityfocus.com/bid/74453
https://github.com/Boonstra/Slideshow/commit/cac505e593cbe70a4d8af5b639f5385d4cc7aa04
https://wordpress.org/plugins/slideshow-jquery-image-gallery/#developers
http://www.openwall.com/lists/oss-security/2015/05/02/12
http://www.securityfocus.com/bid/74453
https://github.com/Boonstra/Slideshow/commit/cac505e593cbe70a4d8af5b639f5385d4cc7aa04
https://wordpress.org/plugins/slideshow-jquery-image-gallery/#developers