CVE-2020-36729
Slideshow, Image Slider by 2J <= 1.3.31 - Authorization Bypass
CVSS Score
5.4
EPSS Score
0.0%
EPSS Percentile
0th
The 2J-SlideShow Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the 'twoj_slideshow_setup' function called via the wp_ajax_twoj_slideshow_setup AJAX action in versions up to, and including, 1.3.31. This makes it possible for authenticated attackers (Subscriber, or above level access) to allow attackers to perform otherwise restricted actions and subsequently deactivate any plugins on the blog.
| CWE | CWE-285 |
| Vendor | 2j-slideshow |
| Product | slideshow, image slider by 2j |
| Published | Jun 7, 2023 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for 2j-slideshow slideshow, image slider by 2j
Be the first to know when new medium vulnerabilities affecting 2j-slideshow slideshow, image slider by 2j are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
2j-slideshow / Slideshow, Image Slider by 2J
0 โค 1.3.31
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/f06d1b9e-e27d-4c43-a69b-7641518e4615?source=cve blog.nintechnet.com: https://blog.nintechnet.com/wordpress-2j-slideshow-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/ acunetix.com: https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-images-slideshow-by-2j-image-slider-security-bypass-1-3-31/ plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2226528%402j-slideshow&new=2226528%402j-slideshow&sfp_email=&sfph_mail=
Credits
Jerome Bruandet