SQL Injection Vulnerability in Image Vertical Reel Scroll Slideshow Plugin for WordPress
CVE-2023-5428
6.5 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 31 October 2023
Summary
The Image Vertical Reel Scroll Slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to and including 9.0. User-supplied parameters are insufficiently escaped and the SQL queries are not properly prepared, so authenticated users with subscriber-level permissions and above can inject additional SQL queries and extract sensitive data from the database. Users of the plugin should update to a secure version.
Affected Version(s)
Image vertical reel scroll slideshow * <= 9.0
CVSS V3.1
- Score: 6.5
- Severity: MEDIUM
- Confidentiality: High
- Integrity: None
- Availability: High
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Lana Codes