Vulnerabilities > I13Websolution > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-19 | CVE-2019-25218 | SQL Injection vulnerability in I13Websolution Photo Gallery Slideshow & Masonry Tiled Gallery The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 4.9 |
| 2024-01-08 | CVE-2023-6555 | Cross-site Scripting vulnerability in I13Websolution Email Subscription Popup The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 |
| 2023-12-06 | CVE-2023-6527 | Cross-site Scripting vulnerability in I13Websolution Email Subscription Popup The Email Subscription Popup plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the HTTP_REFERER header in all versions up to, and including, 1.2.18 due to insufficient input sanitization and output escaping. | 6.1 |
| 2023-11-08 | CVE-2023-47226 | Cross-site Scripting vulnerability in I13Websolution Post Sliders & Post Grids Auth. | 4.8 |
| 2023-11-03 | CVE-2023-5945 | Cross-Site Request Forgery (CSRF) vulnerability in I13Websolution Video Carousel Slider With Lightbox 1.0 The video carousel slider with lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. | 5.4 |
| 2023-10-27 | CVE-2023-5821 | Unspecified vulnerability in I13Websolution Thumbnail Carousel Slider 1.0 The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. | 6.5 |
| 2023-10-25 | CVE-2023-45754 | Cross-site Scripting vulnerability in I13Websolution Easy Testimonial Slider and Form Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form allows Stored XSS.This issue affects Easy Testimonial Slider and Form: from n/a through 1.0.18. | 4.8 |
| 2023-10-18 | CVE-2023-5621 | Cross-site Scripting vulnerability in I13Websolution Thumbnail Slider With Lightbox 1.0 The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Title field in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. | 4.8 |
| 2023-10-12 | CVE-2023-5531 | Cross-Site Request Forgery (CSRF) vulnerability in I13Websolution Thumbnail Slider With Lightbox 1.0 The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. | 4.3 |
| 2023-10-02 | CVE-2023-41731 | Cross-site Scripting vulnerability in I13Websolution Wordpress Publish Post Email Notification Auth. | 4.8 |