WordPress Plugin Vulnerabilities

Team Circle Image Slider With Lightbox < 1.0.18 - Reflected Cross-Site Scripting

Description

The plugin does not properly sanitize and escape the 'search_term' parameter, leading to Reflected Cross-Site Scripting vulnerability.

Affects Plugins

Plugin icon
circle-image-slider-with-lightbox
Fixed in 1.0.18

References

CVE
CVE-2023-2604

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
No
WPVDB ID
e0c12d7e-cbed-4198-8818-b8bf1f249cbc

Timeline

Publicly Published
2023-05-09 (about 3 years ago)
Added
2023-06-09 (about 2 years ago)
Last Updated
2023-06-09 (about 2 years ago)

Other

Published
Title
Published
2024-03-25
Title
Breeze < 2.1.4 - Admin+ Stored XSS
Published
2025-02-03
Title
Alert Box Block – Display notice/alerts in the front end < 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2014-08-01
Title
Terillion Reviews < 1.2 - Profile Id Field XSS
Published
2025-06-05
Title
Abbie Expander <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-01-30
Title
Kona Gallery Block <= 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting