CVE-2022-0648 Team Circle Image Slider With Lightbox < 1.0.16 - Reflected Cross-Site Scripting

2022-03-1414:41:40

CWE-79

WPScan

www.cve.org

cve-2022-0648

wordpress plugin

reflected cross-site scripting

admin page

EPSS

0.001

Percentile

40.2%

JSON

The Team Circle Image Slider With Lightbox WordPress plugin before 1.0.16 does not sanitize and escape the order_pos parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting.

CNA Affected

[
  {
    "product": "Team Circle Image Slider With Lightbox",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "1.0.16",
        "status": "affected",
        "version": "1.0.16",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/90f9ad6a-4855-4a8e-97f6-5f403eb6455d

EPSS

0.001

Percentile

40.2%

JSON

Related for CVELIST:CVE-2022-0648