cleantalk
Vulnerabilities and Security Researches

Thumbnail carousel slider, CVE-2023-2120

CVE, Research URL

CVE-2023-2120

Home page URL

Security reports for Thumbnail carousel slider

Application

Thumbnail carousel slider

Published on
Apr 18, 2023
Research Description
The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max 1.1.10.
Status
vulnerable
Previous vulnerability researches
Thumbnail carousel slider (2d6e889a1030d4f63f5210d1ffb851b3f4bc56b8) , Jun 07, 2024
Thumbnail carousel slider (CVE-2023-2119) , Jun 07, 2024
Thumbnail carousel slider (CVE-2023-1915) , Jun 07, 2024
Thumbnail carousel slider (CVE-2023-2120) , Jun 07, 2024
Thumbnail carousel slider (CVE-2023-5821) , Jun 07, 2024
New vulnerability
Subscribe to Download – Download after Email Subscription Form WordPress Plugin (CVE-2025-30785) , Mar 28, 2025
WP Cassify (CVE-2025-30771) , Mar 28, 2025
Sitekit (CVE-2025-30776) , Mar 28, 2025
Comment Approved Notifier Extended (CVE-2025-30792) , Mar 28, 2025
Arrow Maps – Custom Maps for WordPress (CVE-2025-28858) , Mar 28, 2025