WordPress Plugin Vulnerabilities

Continuous Image Carousel With Lightbox < 1.0.16 - Reflected XSS

Description

The plugin does not sanitise and escape some parameters before outputting them back, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Affects Plugins

Plugin icon
continuous-image-carousel-with-lightbox
Fixed in 1.0.16

References

CVE
CVE-2023-28792
CVE
CVE-2023-28776

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
7.1 (high)

Miscellaneous

Original Researcher
thiennv,yuyudhn
Verified
No
WPVDB ID
aef8f6c3-7fc6-46e1-bbd9-895a9aaee372

Timeline

Publicly Published
2023-03-27 (about 2 years ago)
Added
2023-04-10 (about 2 years ago)
Last Updated
2023-04-10 (about 2 years ago)

Other

Published
Title
Published
2026-02-06
Title
Bold Page Builder <= 5.5.3 - Authenticated (Author+) Stored DOM-based Cross-Site Scripting in Post Grid
Published
2022-03-21
Title
Image optimization & Lazy Load < 3.3.2 - Admin+ Stored Cross-Site Scripting
Published
2014-08-01
Title
ed2k-link-selector <= 1.1.7 - XSS in ZeroClipboard
Published
2025-06-03
Title
Universal Video Player <= 1.4.0 - Reflected Cross-Site Scripting
Published
2025-01-02
Title
Download HTML TinyMCE Button <= 1.2 - Reflected XSS