cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2015-10130,https://securityvulnerability.io/vulnerability/CVE-2015-10130,Cross-Site Request Forgery Vulnerability in Image Slider With Lightbox Plugin,"The Team Circle Image Slider With Lightbox plugin for WordPress possesses a vulnerability that allows unauthenticated attackers to exploit Cross-Site Request Forgery (CSRF) due to inadequate nonce validation in the circle_thumbnail_slider_with_lightbox_image_management_func() function. This security flaw can lead to unauthorized editing of image data, enabling attackers to inject malicious JavaScript code, delete images, and upload harmful files through forged requests. Attackers could leverage social engineering tactics to trick site administrators into executing such actions, further compromising the integrity of the site.",Wordpress,Team Circle Image Slider With Lightbox,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-13T02:34:52.050Z,0
CVE-2023-2604,https://securityvulnerability.io/vulnerability/CVE-2023-2604,Reflected Cross-Site Scripting in Team Circle Image Slider for WordPress,"The Team Circle Image Slider With Lightbox plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit the 'search_term' parameter. Due to inadequate input sanitization and output escaping, attackers can inject malicious web scripts. This exploit can lead to harmful scripts executing if a user unwittingly performs actions such as clicking a manipulated link, potentially compromising the security of their data.",Wordpress,Team Circle Image Slider With Lightbox,6.1,MEDIUM,0.0008500000112690032,false,,false,false,false,,false,false,2023-06-09T06:16:00.000Z,0
CVE-2022-0648,https://securityvulnerability.io/vulnerability/CVE-2022-0648,Team Circle Image Slider With Lightbox < 1.0.16 - Reflected Cross-Site Scripting,"The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.",Wordpress,Team Circle Image Slider With Lightbox,6.1,MEDIUM,0.0007999999797903001,false,,false,false,false,,false,false,2022-03-14T14:41:40.000Z,0