SQL Injection Vulnerability in Thumbnail Slider With Lightbox Plugin for WordPress
CVE-2015-10146

4.9MEDIUM

Key Information:

Vendor: WordPress
Status: Thumbnail Slider With Lightbox
Vendor: CVE Published:; 29 October 2025

What is CVE-2015-10146?

The Thumbnail Slider With Lightbox plugin for WordPress suffers from a SQL Injection vulnerability due to insufficient input escaping for the 'id' parameter in all versions up to 1.0.4. This flaw enables authenticated attackers, specifically those with Administrator-level access, to inject malicious SQL queries. By exploiting this vulnerability, attackers can manipulate database queries to extract sensitive information, posing a significant risk to the integrity and confidentiality of the data stored within the database.

Affected Version(s)

Thumbnail Slider With Lightbox * <= 1.0.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/wp-responsive-slider-with-l...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 29, 2025
Vulnerability Reserved
Oct 28, 2025

Credit

Ala Arfaoui

JSON