Aggregates CVE and security vulnerability intelligence across all i13websolution-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting, vendor risk sql injection, and vendor risk csrf; exposure may include vendor impact session compromise in vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-41731 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress publish post email notification plugin <= 1.0.2.2 versions. | [email protected] | 5.9 | 0.31% | 2023-10-02 | 2026-06-17 |
| CVE-2023-41658 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <= 1.0.13 versions. | [email protected] | 7.1 | 0.31% | 2023-09-29 | 2026-06-17 |
| CVE-2023-32597 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Gallery plugin <= 1.0.10 versions. | [email protected] | 7.1 | 0.31% | 2023-08-30 | 2026-06-17 |
| CVE-2023-32797 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution video carousel slider with lightbox plugin <= 1.0.22 versions. | [email protected] | 7.1 | 0.31% | 2023-08-25 | 2026-06-17 |
| CVE-2023-30785 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Video Grid plugin <= 1.21 versions. | [email protected] | 7.1 | 0.38% | 2023-08-16 | 2026-06-17 |
| CVE-2023-30489 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Email Subscription Popup plugin <= 1.2.16 versions. | [email protected] | 7.1 | 0.36% | 2023-08-14 | 2026-06-17 |
| CVE-2023-24413 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress vertical image slider plugin <= 1.2.16 versions. | [email protected] | 7.1 | 0.38% | 2023-08-08 | 2026-06-17 |
| CVE-2023-24409 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs plugin <= 1.1.15 versions. | [email protected] | 7.1 | 0.38% | 2023-08-08 | 2026-06-17 |
| CVE-2023-28776 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Continuous Image Carousel With Lightbox plugin <= 1.0.15 versions. | [email protected] | 7.1 | 0.38% | 2023-06-22 | 2026-06-17 |
| CVE-2023-2604 | The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | [email protected] | 6.1 | 0.43% | 2023-06-09 | 2026-06-17 |
| CVE-2023-2402 | The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVE-2023-41658 appears to be a duplicate of this | [email protected] | 6.1 | 0.43% | 2023-06-09 | 2026-06-17 |
| CVE-2023-2289 | The wordpress vertical image slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | [email protected] | 6.1 | 0.43% | 2023-06-09 | 2026-06-17 |
| CVE-2023-2184 | The WP Responsive Tabs horizontal vertical and accordion Tabs plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | [email protected] | 6.1 | 0.43% | 2023-06-09 | 2026-06-17 |
| CVE-2023-2710 | The video carousel slider with lightbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVE-2023-32797 may be a duplicate of this. | [email protected] | 6.1 | 0.61% | 2023-05-15 | 2026-06-17 |
| CVE-2023-2708 | The Video Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘search_term’ parameter in versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVE-2023-32597 may be a duplicate of this. | [email protected] | 6.1 | 0.57% | 2023-05-15 | 2026-06-17 |
| CVE-2023-1915 | The Thumbnail carousel slider WordPress plugin before 1.1.10 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting vulnerability which could be used against high privilege users such as admin. | [email protected] | 6.1 | 0.48% | 2023-05-15 | 2026-06-17 |
| CVE-2022-47600 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Mass Email To users plugin <= 1.1.4 versions. | [email protected] | 7.1 | 0.38% | 2023-05-10 | 2026-06-17 |
| CVE-2023-24392 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Full Width Banner Slider Wp plugin <= 1.1.7 versions. | [email protected] | 7.1 | 0.38% | 2023-05-10 | 2026-06-17 |
| CVE-2022-46799 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.15 versions. | [email protected] | 7.1 | 0.38% | 2023-05-08 | 2026-06-17 |
| CVE-2023-2120 | The Thumbnail carousel slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search_term parameter in versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | [email protected] | 6.1 | 0.61% | 2023-04-17 | 2026-06-17 |