The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site...
6.1CVSS
6.2AI Score
0.001EPSS
The get_sliders() function in the Image Slider by Ays- Responsive Slider and Carousel WordPress plugin before 2.5.0 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin...
8.8CVSS
9AI Score
0.001EPSS
Unspecified vulnerability in the Image News slider plugin before 3.3 for WordPress has unspecified impact and remote attack...
7AI Score
0.006EPSS