CVE-2022-0648

CVE-2022-0648: Team Circle Image Slider With Lightbox < 1.0.16 - Reflected Cross-Site Scripting

Vendor Unknown

Product Team Circle Image Slider With Lightbox

Weakness CWE-79 · XSS

Published March 14, 2022

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.

Key dates

02Disclosure timeline

March 14, 2022 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-0648

Related vulnerabilities

04Related CVE

CVE-2022-2748 SourceCodester Simple Online Book Store System edit.php cross site scripting CVE-2023-51458 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2023-3564 GZ Scripts GZ Multi Hotel Booking System index.php cross site scripting CVE-2024-2124 Translate WordPress and go Multilingual – Weglot <= 4.2.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes CVE-2023-51403 WordPress Restaurant Reservations Plugin <= 1.8 is vulnerable to Cross Site Scripting (XSS)