Search criteria
2 vulnerabilities found for Skitter Slideshow by thiagosf
CVE-2022-1751 (GCVE-0-2022-1751)
Vulnerability from nvd – Published: 2024-08-17 07:34 – Updated: 2026-04-08 16:37
VLAI?
Title
Skitter Slideshow <= 2.5.2 - Unauthenticated Server-Side Request Forgery
Summary
The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity ?
7.2 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| thiagosf | Skitter Slideshow |
Affected:
0 , ≤ 2.5.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:thiagosf:skitter_slideshow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "skitter_slideshow",
"vendor": "thiagosf",
"versions": [
{
"lessThanOrEqual": "2.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:48:39.806235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T13:50:55.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Skitter Slideshow",
"vendor": "thiagosf",
"versions": [
{
"lessThanOrEqual": "2.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bartu Utku SARP"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:37:23.717Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/175eba7e-454b-4ba3-bbb5-22bd56734f5c?source=cve"
},
{
"url": "https://securityforeveryone.com/blog/wordpress-skitter-slideshow-ssrf-0-day-vulnerability-cve-2022-1751"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-skitter-slideshow/trunk/image.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-06-07T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Skitter Slideshow \u003c= 2.5.2 - Unauthenticated Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-1751",
"datePublished": "2024-08-17T07:34:18.138Z",
"dateReserved": "2022-05-16T22:40:25.070Z",
"dateUpdated": "2026-04-08T16:37:23.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-1751 (GCVE-0-2022-1751)
Vulnerability from cvelistv5 – Published: 2024-08-17 07:34 – Updated: 2026-04-08 16:37
VLAI?
Title
Skitter Slideshow <= 2.5.2 - Unauthenticated Server-Side Request Forgery
Summary
The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.
Severity ?
7.2 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| thiagosf | Skitter Slideshow |
Affected:
0 , ≤ 2.5.2
(semver)
|
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:thiagosf:skitter_slideshow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "skitter_slideshow",
"vendor": "thiagosf",
"versions": [
{
"lessThanOrEqual": "2.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-1751",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-19T13:48:39.806235Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-19T13:50:55.581Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Skitter Slideshow",
"vendor": "thiagosf",
"versions": [
{
"lessThanOrEqual": "2.5.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Bartu Utku SARP"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:37:23.717Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/175eba7e-454b-4ba3-bbb5-22bd56734f5c?source=cve"
},
{
"url": "https://securityforeveryone.com/blog/wordpress-skitter-slideshow-ssrf-0-day-vulnerability-cve-2022-1751"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-skitter-slideshow/trunk/image.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-06-07T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Skitter Slideshow \u003c= 2.5.2 - Unauthenticated Server-Side Request Forgery"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2022-1751",
"datePublished": "2024-08-17T07:34:18.138Z",
"dateReserved": "2022-05-16T22:40:25.070Z",
"dateUpdated": "2026-04-08T16:37:23.717Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}