PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-2021 contrid CVE debrief

The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability requires Contributor-level access and above, and defenders should be aware of this vulnerability and take steps to mitigate it.

Vendor
contrid
Product
Slideshow Gallery LITE
CVSS
MEDIUM 6.4
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-18
Original CVE updated
2026-06-18
Advisory published
2026-06-18
Advisory updated
2026-06-18

Who should care

Users of the Slideshow Gallery LITE plugin for WordPress, particularly those with Contributor-level access and above, should be aware of this vulnerability and take steps to mitigate it. Affected operators, platforms, and security teams should review official advisories and plan for vendor-supported updates or mitigations.

Technical summary

The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute. This is due to insufficient input sanitization and output escaping on user-supplied attributes. An attacker with Contributor-level access and above can inject arbitrary web scripts in pages, which will execute when a user accesses the injected page. Affected product context indicates that this vulnerability requires Contributor-level access and above.

Defensive priority

Medium priority, as the vulnerability requires Contributor-level access and above.

Recommended defensive actions

  • Update the Slideshow Gallery LITE plugin to the latest version.
  • Implement input sanitization and output escaping for user-supplied attributes.
  • Restrict access to the plugin's functionality to authorized users only.
  • Monitor for suspicious activity and implement security logging.
  • Review compensating controls for exposed systems while remediation is scheduled and verified.
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

The CVE record was published on 2026-06-18T13:25:33.917Z and was last modified on 2026-06-18T17:16:29.900Z. The NVD entry is currently Deferred. Evidence is limited to public CVE and NVD information. Defenders should verify affected product deployments, review official advisories, and plan for vendor-supported updates or mitigations.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-18T13:25:33.917Z and has not been modified since then. The NVD entry is currently Deferred.