CVE-2015-3634

EUVD-2015-3672
The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function in the Slideshow plugin 2.2.8 through 2.2.21 for Wordpress allows remote attackers to read arbitrary Wordpress option values.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
slideshow_projectslideshow
2.2.8
slideshow_projectslideshow
2.2.9
slideshow_projectslideshow
2.2.10
slideshow_projectslideshow
2.2.11
slideshow_projectslideshow
2.2.12
slideshow_projectslideshow
2.2.13
slideshow_projectslideshow
2.2.14
slideshow_projectslideshow
2.2.15
slideshow_projectslideshow
2.2.16
slideshow_projectslideshow
2.2.17
slideshow_projectslideshow
2.2.18
slideshow_projectslideshow
2.2.19
slideshow_projectslideshow
2.2.20
slideshow_projectslideshow
2.2.21
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2015/05/02/12
http://www.securityfocus.com/bid/74453
https://github.com/Boonstra/Slideshow/commit/cac505e593cbe70a4d8af5b639f5385d4cc7aa04
https://wordpress.org/plugins/slideshow-jquery-image-gallery/#developers
http://www.openwall.com/lists/oss-security/2015/05/02/12
http://www.securityfocus.com/bid/74453
https://github.com/Boonstra/Slideshow/commit/cac505e593cbe70a4d8af5b639f5385d4cc7aa04
https://wordpress.org/plugins/slideshow-jquery-image-gallery/#developers