CVE-2019-25223

Name of the Vulnerable Software and Affected Versions: Team Circle Image Slider With Lightbox plugin for WordPress versions 1.0.4 and earlier

Description: The issue arises from insufficient escaping of the user-supplied id parameter and lack of sufficient preparation on the existing SQL query, allowing authenticated attackers with Administrator-level access and above to append additional SQL queries to existing ones. This can be used to extract sensitive information from the database.

Recommendations: For versions 1.0.4 and earlier, update to a version later than 1.0.4 to resolve the issue. As a temporary workaround, consider restricting access to the id parameter in the affected plugin until a patch is available.