CVE-2023-2604: Diff from circle-image-slider-with-lightbox/tags/1.0.17@2910236 to circle-image-slider-with-lightbox/tags/1.0.18@2910236 – WordPress Plugin Repository
The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
circle-image-slider-with-lightbox/tags/1.0.18/circle-image-slider-with-lightbox.php
- Property svn:executable deleted
r2910236
r2910236
6
6
Description:Circle Image Silder With Lightbox is beautiful responsive circle thumbnail image slider with responsive lightbox.Add any number of images from admin panel.
7
7
Author:I Thirteen Web Solution
8
Version:1.0.17
8
Version:1.0.18
9
9
Text Domain:circle-image-slider-with-lightbox
10
10
Domain Path: /languages
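Review bot: the only functional change in this hunk is the version bump from 1.0.17 to 1.0.18; while the header is being touched, the `Description:` context line still reads "Circle Image Silder" and should be corrected to "Circle Image Slider".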
…
…
836
836
837
837
838
$action=trim($\_GET\['action'\]);
838
$action=sanitize\_text\_field($\_GET\['action'\]);
839
839
}
840
840
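Review bot: `sanitize_text_field()` on line 838 strips tags and stray characters but does not validate the value; if `$action` is used to select a code path, compare it against the fixed list of expected action names (e.g. `in_array($action, array(...), true)`) and reject anything else, rather than relying on sanitization alone.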
…
…
948
948
949
949
if(isset($\_GET\['order\_by'\]) and $\_GET\['order\_by'\]!=""){
950
$setacrionpage.='&order\_by='.urlencode(sanitize\_text\_field($\_GET\['order\_by'\]));
950
$setacrionpage.='&order\_by='.esc\_html(sanitize\_text\_field($\_GET\['order\_by'\]));
951
951
}
952
952
953
953
if(isset($\_GET\['order\_pos'\]) and $\_GET\['order\_pos'\]!=""){
954
$setacrionpage.='&order\_pos='.urlencode(sanitize\_text\_field($\_GET\['order\_pos'\]));
954
$setacrionpage.='&order\_pos='.esc\_html(sanitize\_text\_field($\_GET\['order\_pos'\]));
955
955
}
956
956
957
957
$seval="";
958
958
if(isset($\_GET\['search\_term'\]) and $\_GET\['search\_term'\]!=""){
959
$seval=trim($\_GET\['search\_term'\]);
959
$seval=esc\_html(sanitize\_text\_field($\_GET\['search\_term'\]));
960
960
}
961
961
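Review bot: replacing `urlencode()` with `esc_html()` on lines 950 and 954 applies the wrong escaping context. These values are appended to a query string (`&order_by=`, `&order_pos=`), where `esc_html()` leaves `&`, `=`, `#` and spaces untouched and instead turns `<`, `>` and quotes into HTML entities, so a value containing `&` now splits the parameter and a value containing `<` is double-encoded once the link is escaped at output. Keep `urlencode()` (or `rawurlencode()`) for the URL component and run the assembled `$setacrionpage` through `esc_url()` where it is printed into markup. Line 959 has the related problem of escaping `$seval` at assignment time; escaping belongs at the output point, with `esc_attr()` if it is echoed into a form field's `value` attribute and `esc_html()` if it is printed between tags. Style: `$setacrionpage` looks like a typo for `$setactionpage`.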
…
…
969
969
if(isset($\_GET\['order\_by'\])){
970
970
971
$order\_by=trim($\_GET\['order\_by'\]);
971
$order\_by=esc\_html(sanitize\_text\_field($\_GET\['order\_by'\]));
972
972
}
973
973
974
974
if(isset($\_GET\['order\_pos'\])){
975
975
976
$order\_pos=trim($\_GET\['order\_pos'\]);
976
$order\_pos=esc\_html(sanitize\_text\_field($\_GET\['order\_pos'\]));
977
977
}
978
978
$search\_term='';
979
979
if(isset($\_GET\['search\_term'\])){
980
980
981
$search\_term= sanitize\_text\_field(esc\_sql($\_GET\['search\_term'\]));
981
$search\_term= esc\_html(sanitize\_text\_field(esc\_sql($\_GET\['search\_term'\])));
982
982
}
983
983
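Review bot: lines 971 and 976 wrap `$order_by` and `$order_pos` in `esc_html()`, which only helps if they are printed into HTML; if they are also used to build an `ORDER BY` clause, no escaping function protects that context, and the values should instead be checked against a whitelist of permitted column names and sort directions. Line 981 stacks `esc_sql()`, `sanitize_text_field()` and `esc_html()` on one value, so `$search_term` ends up both SQL-escaped and HTML-encoded at the same time: a single quote becomes `\'` for SQL and then `\&#039;` for HTML, which corrupts whichever use comes second. Keep `$search_term` as the sanitized raw value, pass it through `$wpdb->prepare()` (with `$wpdb->esc_like()` for a `LIKE` pattern) when it goes into a query, and escape with `esc_html()` or `esc_attr()` only at output.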
…
…
985
985
if(isset($\_GET\['search\_term'\])){
986
986
987
$search\_term\_='&search\_term='.urlencode(sanitize\_text\_field($\_GET\['search\_term'\]));
987
$search\_term\_='&search\_term='.esc\_html(sanitize\_text\_field($\_GET\['search\_term'\]));
988
988
}
989
989
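Review bot: same issue as the `$setacrionpage` changes above: line 987 builds a query-string fragment (`&search_term=`), so `urlencode()` was the correct call and `esc_html()` is not. A search term containing `&` or `=` will now break the parameter, and one containing `<` will be stored as `&lt;` and double-encoded when the link is escaped later. Restore `urlencode()` here and escape the complete URL with `esc_url()` where `$search_term_` is emitted.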
…
…
1836
1836
if(isset($\_GET\['nonce'\]) and $\_GET\['nonce'\]!=''){
1837
1837
1838
$retrieved\_nonce=$\_GET\['nonce'\];
1838
$retrieved\_nonce=sanitize\_text\_field($\_GET\['nonce'\]);
1839
1839
1840
1840
}
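Review bot: sanitizing the nonce on line 1838 is harmless but does not by itself protect the action. The hunk does not show `$retrieved_nonce` being passed to `wp_verify_nonce()`, so confirm that the code path guarded by this block calls `wp_verify_nonce($retrieved_nonce, '<action name>')` (placeholder for the plugin's actual nonce action) and also checks `current_user_can()` for the relevant capability before doing anything with the request.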
circle-image-slider-with-lightbox/tags/1.0.18/readme.txt
- Property svn:executable deleted
r2910236
r2910236
5
5
Tags:Team slider,Team gallery,wordpress circle slider lightbox,wordpress circle slider,wordpress circle gallery slider,wordpress google like rounded image
6
6
Requires at least:3.5
7
Tested up to:6.1
8
Version:1.0.17
9
Stable tag:1.0.17
7
Tested up to:6.2
8
Version:1.0.18
9
Stable tag:1.0.18
10
10
License:GPLv2 or later
11
11
License URI:http://www.gnu.org/licenses/gpl-2.0.html
…
…
138
138
139
139
== Changelog ==
140
141
= 1.0.18 =
142
143
* Fixed vulnerabilities
144
* Tested with WordPress 6.2
145
140
146
141
147
= 1.0.16 =
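Review bot: the 1.0.18 changelog entry "Fixed vulnerabilities" on line 143 is too vague for site owners deciding how urgently to update; name the issue, e.g. "Fixed reflected XSS via the search_term parameter (CVE-2023-2604)", matching the advisory at the top of this page. The changelog also jumps from 1.0.18 straight to 1.0.16, so the 1.0.17 entry appears to be missing.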