Reflected Cross-Site Scripting in Team Circle Image Slider for WordPress
CVE-2023-2604

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Team Circle Image Slider With Lightbox
Vendor: CVE Published:; 9 June 2023

What is CVE-2023-2604?

The Team Circle Image Slider With Lightbox plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit the 'search_term' parameter. Due to inadequate input sanitization and output escaping, attackers can inject malicious web scripts. This exploit can lead to harmful scripts executing if a user unwittingly performs actions such as clicking a manipulated link, potentially compromising the security of their data.

Affected Version(s)

Team Circle Image Slider With Lightbox * <= 1.0.17

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset?old_path=%2F...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 9, 2023
Vulnerability Reserved
May 9, 2023

Credit

Marco Wotschka