Reflected Cross-Site Scripting Vulnerability in Vertical Image Slider Plugin by WordPress
CVE-2023-2289

6.1MEDIUM

Key Information:

Vendor

Wordpress
Status
WordPress Vertical Image Slider Plugin
Vendor
CVE Published:
9 June 2023

What is CVE-2023-2289?

The Vertical Image Slider Plugin for WordPress is susceptible to a Reflected Cross-Site Scripting flaw due to inadequate input sanitization and output escaping on the 'search_term' parameter. This vulnerability allows attackers to inject arbitrary scripts into web pages, which may execute unwittingly when users interact with malicious links. Users are advised to update to version 1.2.17 or higher to mitigate this risk.

Affected Version(s)

wordpress vertical image slider plugin * <= 1.2.16

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Marco Wotschka
.