Vulnerabilities > I13Websolution
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-15 | CVE-2019-25222 | SQL Injection vulnerability in I13Websolution Thumbnail Carousel Slider The Thumbnail carousel slider plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 4.9 |
| 2024-10-19 | CVE-2019-25218 | SQL Injection vulnerability in I13Websolution Photo Gallery Slideshow & Masonry Tiled Gallery The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 4.9 |
| 2024-09-11 | CVE-2019-25212 | SQL Injection vulnerability in I13Websolution Video Carousel Slider With Lightbox The video carousel slider with lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
| 2024-03-29 | CVE-2024-30497 | Unspecified vulnerability in I13Websolution WP Responsive Tabs Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs.This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17. | 8.8 |
| 2024-03-17 | CVE-2024-27960 | Unspecified vulnerability in I13Websolution Email Subscription Popup Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Email Subscription Popup allows Stored XSS.This issue affects Email Subscription Popup: from n/a through 1.2.20. | 6.1 |
| 2024-03-13 | CVE-2015-10130 | Cross-Site Request Forgery (CSRF) vulnerability in I13Websolution Team Circle Image Slider With Lightbox 1.0 The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. | 4.3 |
| 2024-01-08 | CVE-2023-6555 | Cross-site Scripting vulnerability in I13Websolution Email Subscription Popup The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
| 2023-12-06 | CVE-2023-6527 | Cross-site Scripting vulnerability in I13Websolution Email Subscription Popup The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. | 6.1 |
| 2023-11-08 | CVE-2023-47226 | Unspecified vulnerability in I13Websolution Post Sliders & Post Grids 1.0.20 Auth. | 4.8 |
| 2023-11-03 | CVE-2023-5945 | Cross-Site Request Forgery (CSRF) vulnerability in I13Websolution Video Carousel Slider With Lightbox 1.0 The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. | 5.4 |