Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2015-10146
CVE-2015-10146:
WordPress vulnerability analysis and mitigation
Overview
The Thumbnail Slider With Lightbox WordPress plugin versions up to 1.0.4 contains an authenticated SQL injection vulnerability. This vulnerability affects users with administrative access and was discovered in October 2025 (Wordfence).
Technical details
The vulnerability has been assigned a CVSS score of 4.9 (Medium), indicating a moderate severity level. The issue requires authentication and administrative privileges to exploit (Wordfence).
Impact
Since this is an authenticated SQL injection vulnerability affecting administrators, the potential impact is limited to scenarios where an attacker has already gained administrative access to the WordPress installation. The vulnerability could potentially allow manipulation of the database through SQL injection attacks.
Mitigation and workarounds
Users should update to a version newer than 1.0.4 of the Thumbnail Slider With Lightbox plugin to remediate this vulnerability. If immediate updating is not possible, considering temporarily deactivating the plugin until an update can be applied.
Additional resources
Source: This report was generated using AI
Related WordPress vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management