CVEDB API

The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.3%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.5

References

Products affected by CVE-2018-5374

Slidervilla » Dbox Slider » Version: 1.0

cpe:2.3:a:slidervilla:dbox_slider:1.0
Slidervilla » Dbox Slider » Version: 1.1

cpe:2.3:a:slidervilla:dbox_slider:1.1
Slidervilla » Dbox Slider » Version: 1.1.1

cpe:2.3:a:slidervilla:dbox_slider:1.1.1
Slidervilla » Dbox Slider » Version: 1.2

cpe:2.3:a:slidervilla:dbox_slider:1.2
Slidervilla » Dbox Slider » Version: 1.2.1

cpe:2.3:a:slidervilla:dbox_slider:1.2.1
Slidervilla » Dbox Slider » Version: 1.2.2

cpe:2.3:a:slidervilla:dbox_slider:1.2.2