CVE-2023-1915: Thumbnail carousel slider < 1.1.10 - Reflected XSS
First published: Mon May 15 2023(Updated: )
The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin.
Credit: contact@wpscan.com contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| I13websolution Thumbnail Carousel Slider | <1.1.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this WordPress plugin?
The vulnerability ID for this WordPress plugin is CVE-2023-1915.
What is the severity of CVE-2023-1915?
The severity of CVE-2023-1915 is medium with a CVSS score of 6.1.
How does CVE-2023-1915 affect the Thumbnail carousel slider WordPress plugin?
CVE-2023-1915 affects the Thumbnail carousel slider WordPress plugin version up to 1.1.10.
What is the impact of CVE-2023-1915?
CVE-2023-1915 allows for Reflected Cross-Site Scripting (XSS) attacks, potentially targeting high privilege users like admin.
How can I fix the CVE-2023-1915 vulnerability in the Thumbnail carousel slider WordPress plugin?
To fix the CVE-2023-1915 vulnerability, update the Thumbnail carousel slider WordPress plugin to version 1.1.10 or higher.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/severity
- agent/author
- agent/references
- agent/title
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/i13websolution
- canonical/i13websolution thumbnail carousel slider