Description
WordPress Plugin Slideshow is prone to an information disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may help in launching further attacks. WordPress Plugin Slideshow version 2.2.21 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.2.22 or latest
References
http://www.openwall.com/lists/oss-security/2015/05/01/7
http://seclists.org/oss-sec/2015/q2/325
http://www.openwall.com/lists/oss-security/2015/05/02/12
https://wordpress.org/plugins/slideshow-jquery-image-gallery/changelog/
Related Vulnerabilities
WordPress Plugin Booking Calendar SQL Injection (8.4.4)
WordPress Plugin IBPS Online Exam Multiple Vulnerabilities (1.0)
WordPress Plugin Calendar Event Multi View Security Bypass (1.4.06)
Jenkins Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-1000864)
WordPress Plugin WebEngage Feedback, Survey and Notification Cross-Site Scripting (2.0.0)