PatchSiren cyber security CVE debrief
CVE-2026-2021 contrid CVE debrief
The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute in all versions up to, and including, 1.8.5. This is due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability requires Contributor-level access and above, and defenders should be aware of this vulnerability and take steps to mitigate it.
- Vendor
- contrid
- Product
- Slideshow Gallery LITE
- CVSS
- MEDIUM 6.4
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-18
- Original CVE updated
- 2026-06-18
- Advisory published
- 2026-06-18
- Advisory updated
- 2026-06-18
Who should care
Users of the Slideshow Gallery LITE plugin for WordPress, particularly those with Contributor-level access and above, should be aware of this vulnerability and take steps to mitigate it. Affected operators, platforms, and security teams should review official advisories and plan for vendor-supported updates or mitigations.
Technical summary
The Slideshow Gallery LITE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alwaysauto' shortcode attribute. This is due to insufficient input sanitization and output escaping on user-supplied attributes. An attacker with Contributor-level access and above can inject arbitrary web scripts in pages, which will execute when a user accesses the injected page. Affected product context indicates that this vulnerability requires Contributor-level access and above.
Defensive priority
Medium priority, as the vulnerability requires Contributor-level access and above.
Recommended defensive actions
- Update the Slideshow Gallery LITE plugin to the latest version.
- Implement input sanitization and output escaping for user-supplied attributes.
- Restrict access to the plugin's functionality to authorized users only.
- Monitor for suspicious activity and implement security logging.
- Review compensating controls for exposed systems while remediation is scheduled and verified.
- Check relevant monitoring, detection, and logs for exposed assets that need extra review.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
The CVE record was published on 2026-06-18T13:25:33.917Z and was last modified on 2026-06-18T17:16:29.900Z. The NVD entry is currently Deferred. Evidence is limited to public CVE and NVD information. Defenders should verify affected product deployments, review official advisories, and plan for vendor-supported updates or mitigations.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-06-18T13:25:33.917Z and has not been modified since then. The NVD entry is currently Deferred.