Search criteria
5 vulnerabilities by gopi_plus
CVE-2026-5340 (GCVE-0-2026-5340)
Vulnerability from cvelistv5 – Published: 2026-05-12 07:48 – Updated: 2026-05-12 12:49
VLAI
Title
Fancy Image Show <= 9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
Summary
The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `fancy-img-show` shortcode in all versions up to, and including, 9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity
6.4 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| gopi_plus | Fancy Image Show |
Affected:
0 , ≤ 9.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5340",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-12T12:49:41.064006Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T12:49:49.442Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Fancy Image Show",
"vendor": "gopi_plus",
"versions": [
{
"lessThanOrEqual": "9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Djaidja Moundjid"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Fancy Image Show plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin\u0027s `fancy-img-show` shortcode in all versions up to, and including, 9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T07:48:17.797Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/131d07ad-4e87-4137-a5df-2b74db1e9ae8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/fancy-image-show/trunk/fancy-image-show.php#L178"
},
{
"url": "https://plugins.trac.wordpress.org/browser/fancy-image-show/tags/9.1/fancy-image-show.php#L178"
},
{
"url": "https://plugins.trac.wordpress.org/browser/fancy-image-show/tags/9.1/fancy-image-show.php#L117"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-05-11T19:03:52.000Z",
"value": "Disclosed"
}
],
"title": "Fancy Image Show \u003c= 9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2026-5340",
"datePublished": "2026-05-12T07:48:17.797Z",
"dateReserved": "2026-04-01T14:16:23.792Z",
"dateUpdated": "2026-05-12T12:49:49.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9198 (GCVE-0-2025-9198)
Vulnerability from cvelistv5 – Published: 2025-10-03 11:17 – Updated: 2026-04-08 16:47
VLAI
Title
Wp cycle text announcement <= 8.1 - Authenticated (Contributor+) SQL Injection
Summary
The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the 'cycle-text' shortcode in all versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity
6.5 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| gopi_plus | Wp cycle text announcement |
Affected:
0 , ≤ 8.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-24T20:32:01.622934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-24T20:32:07.928Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wp cycle text announcement",
"vendor": "gopi_plus",
"versions": [
{
"lessThanOrEqual": "8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Peter Thaleikis"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Wp cycle text announcement plugin for WordPress is vulnerable to SQL Injection via the \u0027cycle-text\u0027 shortcode in all versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:47:43.846Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3db1375b-169a-450d-86b5-2db99f916034?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-cycle-text-announcement/trunk/wp-cycle-text-announcement.php#L129"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-02T22:31:18.000Z",
"value": "Disclosed"
}
],
"title": "Wp cycle text announcement \u003c= 8.1 - Authenticated (Contributor+) SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-9198",
"datePublished": "2025-10-03T11:17:10.412Z",
"dateReserved": "2025-08-19T17:22:46.497Z",
"dateUpdated": "2026-04-08T16:47:43.846Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-53308 (GCVE-0-2025-53308)
Vulnerability from cvelistv5 – Published: 2025-06-27 13:21 – Updated: 2026-04-28 16:13
VLAI
Title
WordPress Image Slider With Description plugin <= 9.2 - Cross Site Request Forgery (CSRF) Vulnerability
Summary
Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description image-slider-with-description allows Stored XSS.This issue affects Image Slider With Description: from n/a through <= 9.2.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-352 - Cross-Site Request Forgery (CSRF)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://patchstack.com/database/Wordpress/Plugin/… | vdb-entry |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| gopi_plus | Image Slider With Description |
Affected:
0 , ≤ 9.2
(custom)
|
Date Public
2026-04-01 16:41
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-53308",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-27T17:01:06.390319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-27T17:28:03.789Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"packageName": "image-slider-with-description",
"product": "Image Slider With Description",
"vendor": "gopi_plus",
"versions": [
{
"lessThanOrEqual": "9.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Skalucy | Patchstack Bug Bounty Program"
}
],
"datePublic": "2026-04-01T16:41:53.552Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description image-slider-with-description allows Stored XSS.\u003cp\u003eThis issue affects Image Slider With Description: from n/a through \u003c= 9.2.\u003c/p\u003e"
}
],
"value": "Cross-Site Request Forgery (CSRF) vulnerability in gopi_plus Image Slider With Description image-slider-with-description allows Stored XSS.This issue affects Image Slider With Description: from n/a through \u003c= 9.2."
}
],
"impacts": [
{
"capecId": "CAPEC-592",
"descriptions": [
{
"lang": "en",
"value": "Stored XSS"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-352",
"description": "Cross-Site Request Forgery (CSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-28T16:13:23.507Z",
"orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"shortName": "Patchstack"
},
"references": [
{
"tags": [
"vdb-entry"
],
"url": "https://patchstack.com/database/Wordpress/Plugin/image-slider-with-description/vulnerability/wordpress-image-slider-with-description-plugin-9-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
}
],
"title": "WordPress Image Slider With Description plugin \u003c= 9.2 - Cross Site Request Forgery (CSRF) Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
"assignerShortName": "Patchstack",
"cveId": "CVE-2025-53308",
"datePublished": "2025-06-27T13:21:32.265Z",
"dateReserved": "2025-06-27T11:59:06.867Z",
"dateUpdated": "2026-04-28T16:13:23.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5466 (GCVE-0-2023-5466)
Vulnerability from cvelistv5 – Published: 2023-11-22 15:33 – Updated: 2026-04-08 16:53
VLAI
Title
Wp anything slider <= 9.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
Summary
The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| gopi_plus | Wp anything slider |
Affected:
0 , ≤ 9.1
(semver)
|
|
| gopiplus | wp_anything_slider |
Affected:
0 , ≤ 9.1
(semver)
cpe:2.3:a:gopiplus:wp_anything_slider:9.1:*:*:*:*:wordpress:*:* |
Credits
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gopiplus:wp_anything_slider:9.1:*:*:*:*:wordpress:*:*"
],
"defaultStatus": "unknown",
"product": "wp_anything_slider",
"vendor": "gopiplus",
"versions": [
{
"lessThanOrEqual": "9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T13:30:45.927173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T13:30:54.837Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.752Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/535e754e-f851-4809-a148-d9ba808b9d8a?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-anything-slider/trunk/wp-anything-slider.php?rev=2827063#L122"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/wp-anything-slider/trunk/wp-anything-slider.php?rev=2827063#L136"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2985513/wp-anything-slider#file2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Wp anything slider",
"vendor": "gopi_plus",
"versions": [
{
"lessThanOrEqual": "9.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Wp anything slider plugin for WordPress is vulnerable to SQL Injection via the plugin\u0027s shortcode in versions up to, and including, 9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:53:03.697Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/535e754e-f851-4809-a148-d9ba808b9d8a?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-anything-slider/trunk/wp-anything-slider.php?rev=2827063#L122"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wp-anything-slider/trunk/wp-anything-slider.php?rev=2827063#L136"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985513/wp-anything-slider#file2"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-06T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-10-07T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-10-30T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Wp anything slider \u003c= 9.1 - Authenticated (Subscriber+) SQL Injection via Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-5466",
"datePublished": "2023-11-22T15:33:24.767Z",
"dateReserved": "2023-10-09T15:47:17.216Z",
"dateUpdated": "2026-04-08T16:53:03.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-5464 (GCVE-0-2023-5464)
Vulnerability from cvelistv5 – Published: 2023-10-31 08:32 – Updated: 2026-04-08 16:33
VLAI
Title
Jquery accordion slideshow <= 8.1 - Authenticated (Subscriber+) SQL Injection via Shortcode
Summary
The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin's shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| gopi_plus | Jquery accordion slideshow |
Affected:
0 , ≤ 8.1
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:59:44.698Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0531ca34-5d7b-4071-a1aa-934f14b87728?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/jquery-accordion-slideshow/trunk/jquery-accordion-slideshow.php?rev=2827053#L177"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2985511/jquery-accordion-slideshow#file0"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5464",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T18:34:11.009767Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T18:54:24.287Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Jquery accordion slideshow",
"vendor": "gopi_plus",
"versions": [
{
"lessThanOrEqual": "8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Istv\u00e1n M\u00e1rton"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Jquery accordion slideshow plugin for WordPress is vulnerable to SQL Injection via the plugin\u0027s shortcode in versions up to, and including, 8.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers with subscriber-level and above permissions to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T16:33:20.888Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0531ca34-5d7b-4071-a1aa-934f14b87728?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/jquery-accordion-slideshow/trunk/jquery-accordion-slideshow.php?rev=2827053#L177"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2985511/jquery-accordion-slideshow#file0"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-10-06T00:00:00.000Z",
"value": "Discovered"
},
{
"lang": "en",
"time": "2023-10-07T00:00:00.000Z",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2023-10-30T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "Jquery accordion slideshow \u003c= 8.1 - Authenticated (Subscriber+) SQL Injection via Shortcode"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2023-5464",
"datePublished": "2023-10-31T08:32:48.492Z",
"dateReserved": "2023-10-09T15:46:44.853Z",
"dateUpdated": "2026-04-08T16:33:20.888Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}