34 matches found
CVE-2023-2120
The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the searchterm parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2023-1915
The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin...
CVE-2019-25222
The Thumbnail carousel slider plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2019-25222
CVE-2019-25222 affects the WordPress plugin Thumbnail carousel slider (versions
CVE-2019-25222 Thumbnail carousel slider <= 1.0.4 - Authenticated (Admin+) SQL Injection
The Thumbnail carousel slider plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
CVE-2019-25222 Thumbnail carousel slider <= 1.0.4 - Authenticated (Admin+) SQL Injection
The Thumbnail carousel slider plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...
WordPress plugin Thumbnail carousel slider SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...
WordPress Thumbnail carousel slider plugin <= 1.0.4 - Authenticated (Admin+) SQL Injection vulnerability
Authenticated Admin+ SQL Injection vulnerability discovered by Ala Arfaoui in WordPress Plugin Thumbnail carousel slider versions = 1.0.4...
Thumbnail carousel slider < 1.0.1 - Cross-Site Request Forgery to Mass Slider Deletion
Description The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request...
CVE-2023-5821
The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they c...
CVE-2023-5821
The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they c...
CVE-2023-5821
The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they c...
CVE-2023-5821
The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they c...
WordPress Plugin Thumbnail carousel slider Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2023-32354 · WordPress · Thumbnail Carousel Slider Plugin
Name of the Vulnerable Software and Affected Versions: Thumbnail carousel slider plugin for WordPress version 1.0 Description: The issue is due to missing nonce validation on the deleteselected function, making it possible for unauthenticated attackers to delete sliders in bulk via a forged reque...
WordPress Thumbnail carousel slider Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Thumbnail carousel slider Type Plugin Vulnerable versions = 1.0 Fixed in 1.0.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5821 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 9f54b1a63e12 Credits Ala Arfaoui...
CVE-2023-1915
The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin...
CVE-2023-1915
The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin...
CVE-2023-1915 Thumbnail carousel slider < 1.1.10 - Reflected XSS
The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin...
CVE-2023-1915 Thumbnail carousel slider < 1.1.10 - Reflected XSS
The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin...