SQL Injection Vulnerability in Thumbnail Carousel Slider Plugin for WordPress
CVE-2019-25222

4.9MEDIUM

Key Information:

Vendor: WordPress
Status: Thumbnail Carousel Slider
Vendor: CVE Published:; 15 March 2025

What is CVE-2019-25222?

The Thumbnail Carousel Slider Plugin for WordPress is susceptible to SQL injection attacks through the 'id' parameter. This vulnerability arises from inadequate escaping of user-supplied input and a lack of proper SQL query preparation in versions up to and including 1.0.4. Attackers, who do not require authentication, can exploit this flaw to execute malicious SQL commands, potentially accessing sensitive information stored in the database.

Affected Version(s)

Thumbnail carousel slider * <= 1.0.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/wp-responsive-thumbnail-slider

https://plugins.trac.wordpress.org/browser/wp-responsive-...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 15, 2025
Vulnerability Reserved
Mar 14, 2025

Credit

Ala Arfaoui