cleantalk
Vulnerabilities and Security Researches

Thumbnail Slider With Lightbox, CVE-2015-10146

CVE, Research URL

CVE-2015-10146

Home page URL

Security reports for Thumbnail Slider With Lightbox

Application

Thumbnail Slider With Lightbox

Published on
Oct 29, 2025
Research Description
The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
max 1.0.5.
Status
vulnerable
Previous vulnerability researches
Pz-LinkCard (CVE-2025-8594) , Nov 10, 2025
Pz-LinkCard (CVE-2024-0672) , Jun 07, 2024
Pz-LinkCard (CVE-2021-25012) , Jun 07, 2024
Pz-LinkCard (CVE-2024-0673) , Jun 07, 2024
Pz-LinkCard (CVE-2023-47790) , Jun 07, 2024
New vulnerability
LinkedIn Resume (CVE-2025-12402) , Nov 11, 2025
EM Beer Manager (CVE-2025-11724) , Nov 11, 2025
WP Delicious – Best WordPress Recipes Plugin (formerly Delicious Recipes) (CVE-2025-11755) , Nov 11, 2025
Directorist – WordPress Business Directory Plugin with Classified Ads Listings (CVE-2025-10488) , Nov 11, 2025
Tooltipy (tooltips for WP) (CVE-2025-62917) , Nov 11, 2025