cleantalk
Vulnerabilities and Security Researches

Team Circle Image Slider With Lightbox, CVE-2019-25223

CVE, Research URL

CVE-2019-25223

Home page URL

Security reports for Team Circle Image Slider With Lightbox

Application

Team Circle Image Slider With Lightbox

Published on
Apr 08, 2025
Research Description
The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions
Min -, max 1.0.5.
Status
vulnerable
Previous vulnerability researches
WP Church Donation (CVE-2025-31410) , Apr 03, 2025
WP Church Donation (CVE-2024-13690) , Mar 26, 2025
New vulnerability
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-3487) , Apr 18, 2025
Forminator – Contact Form, Payment Form & Custom Form Builder (CVE-2025-3479) , Apr 18, 2025
WPAdverts – Classifieds Plugin (CVE-2025-39576) , Apr 18, 2025
Checkout Files Upload for WooCommerce (CVE-2025-39520) , Apr 18, 2025
Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease (CVE-2025-3453) , Apr 18, 2025