2 matches found
CVE-2023-5428 Image vertical reel scroll slideshow <= 9.0 - Authenticated (Subscriber+) SQL Injection via Shortcode
The Image vertical reel scroll slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it...
CVE-2023-5428
CVE-2023-5428 affects the WordPress plugin “Image vertical reel scroll slideshow” up to version 9.0. Root cause: insufficient escaping of user-supplied parameter and inadequate query preparation in the plugin shortcode, enabling authenticated users with subscriber-level+ to inject additional SQL ...