Team Circle Image Slider With Lightbox
Moderate fix1 remedy
cpe:2.3:a:i13websolution:team_circle_image_slider_with_lightbox:*:*:*:*:wordpress:*:*
Moderate fix1 remedy
- < 1.0.16
Team Circle Image Slider With Lightbox WordPress Plugin Reflected Cross-Site Scripting Vulnerability
Vulnerability
Patched
A reflected cross-site scripting vulnerability has been identified in the Team Circle Image Slider With Lightbox WordPress plugin, affecting versions prior to 1.0.16. The issue arises because the plugin fails to properly sanitize and escape the order_pos parameter before displaying it on an admin page.
Impact
Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.
Reproduction
To reproduce this vulnerability, navigate to the WordPress admin panel and access the image management page for the Circle Thumbnail Slider With Lightbox plugin. Append the order_pos parameter with a script payload, such as a closing script tag followed by an SVG image with an onload event, to trigger the cross-site scripting vulnerability.
Remediation
Users are advised to update the Team Circle Image Slider With Lightbox WordPress plugin to version 1.0.16 or later.
Added: Apr 7, 2026, 11:18 AM
Updated: Apr 7, 2026, 11:18 AM
Vulnerability Rating
Custom Algorithm
spread
2.2impact
7.9exploitability
7.7remediation
7.7relevance
0.0threat
6.4urgency
2.9incentive
0.0Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.