VYPR

Thumbnail Carousel Slider

by WordPress

CVEs (4)

  • CVE-2023-1915MedMay 15, 2023
    risk 0.40cvss 6.1epss 0.00

    The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin.

  • CVE-2023-2120MedApr 18, 2023
    risk 0.40cvss 6.1epss 0.01

    The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2019-25222MedMar 15, 2025
    risk 0.32cvss 4.9epss 0.00

    The Thumbnail carousel slider plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This…

  • CVE-2023-5821MedOct 27, 2023
    risk 0.28cvss 4.3epss 0.00

    The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged…