Reflected Cross-Site Scripting Vulnerability in Vertical Image Slider Plugin by WordPress
CVE-2023-2289

6.1MEDIUM

Key Information:

Vendor: Wordpress
Status: WordPress Vertical Image Slider Plugin
Vendor: CVE Published:; 9 June 2023

Summary

The Vertical Image Slider Plugin for WordPress is susceptible to a Reflected Cross-Site Scripting flaw due to inadequate input sanitization and output escaping on the 'search_term' parameter. This vulnerability allows attackers to inject arbitrary scripts into web pages, which may execute unwittingly when users interact with malicious links. Users are advised to update to version 1.2.17 or higher to mitigate this risk.

Affected Version(s)

wordpress vertical image slider plugin * <= 1.2.16

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 9, 2023
Vulnerability Reserved
Apr 25, 2023

Credit

Marco Wotschka