Image Rotator - Reflected cross-site scripting (XSS)
Summary
| Field | Value |
| --- | --- |
| Name | Image Rotator 2.0 - Reflected cross-site scripting (XSS) |
| Code name | skims-0047 |
| Product | Image Rotator |
| Affected versions | Version 2.0 |
| State | Private |
| Release date | 2025-03-14 |
Vulnerability
| Field | Value |
| --- | --- |
| Kind | Reflected cross-site scripting (XSS) |
| Rule | Reflected cross-site scripting (XSS) |
| Remote | No |
| CVSSv4 Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:U |
| CVSSv4 Base Score | 4.8 (Medium) |
| Exploit available | No |
| CVE ID(s) | CVE-2025-31313 |
Description
Image Rotator 2.0 is vulnerable to reflected cross-site scripting. In myapp/appten_imagerotator/__grid.php the application writes the request parameter page (read from $_REQUEST, so it can be supplied through the query string, the POST body or a cookie) into the value attribute of a hidden form input without validating or escaping it. Because the attribute is delimited by double quotes, a value containing a double quote closes the attribute and the rest of the parameter is rendered as HTML, so an attacker who gets a victim to open a crafted URL can run script in the victim's browser in the context of the site.
Vulnerability
Skims by Fluid Attacks discovered a reflected cross-site scripting (XSS) vulnerability in Image Rotator 2.0. The following is the output of the tool; the line marked with > is the unescaped echo of the page parameter:
Skims output
  88 | $table = new Imagerotator_Table();
  89 | $data = $wpdb->get_results("SELECT id,width,height FROM $table_name");
  90 | $table->data = $data;
  91 | $table->table_name = $table_name;
  92 | $table->wpdb = $wpdb;
  93 | $table->category = $category;
  94 | $table->prepare_items();
  95 |
  96 | ?>
  97 | <br />
  98 | <br />
  99 | <div><a href="?page=appten_imagerotator&opt=add" class="button-primary" title="addnew"><?php _e("Add New Player" ); ?></a
 100 | <br />
 101 | <form id="appten_imagerotator-filter" method="get" style="width:99;">
> 102 | <input type="hidden" name="page" value="<?php echo $_REQUEST['page'] ?>" />
 103 | <?php $table->display() ?>
 104 | </form>
      ^ Col 0
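The following is an added example, not code from the Image Rotator plugin or from the Fluid Attacks advisory. It isolates the echo reported above into a function, places a hardened version beside it, and renders both with a constructed page value that carries a quote and a script tag. The function names, the payload and the standalone fallback to htmlspecialchars() are assumptions made for the example; inside WordPress the idiomatic escaping call is esc_attr().

```php
<?php
// Added example (not part of Image Rotator or the advisory): the unescaped
// pattern from __grid.php beside its hardened form, exercised with a
// constructed payload so the difference is visible when run from the CLI.

// Vulnerable pattern: $_REQUEST['page'] is concatenated straight into a
// double-quoted attribute, so a quote in the value closes the attribute and
// everything after it is parsed as markup by the browser.
function render_filter_form_vulnerable(array $request): string
{
    return '<input type="hidden" name="page" value="' . ($request['page'] ?? '') . '" />';
}

// Hardened pattern: escape for the HTML attribute context before writing.
// esc_attr() is the WordPress helper; when the script runs outside WordPress
// the example falls back to htmlspecialchars() with ENT_QUOTES, which encodes
// both quote characters as well as < and >.
function render_filter_form_hardened(array $request): string
{
    $value = (string) ($request['page'] ?? '');
    $escaped = function_exists('esc_attr')
        ? esc_attr($value)
        : htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="page" value="' . $escaped . '" />';
}

// Tighter still for this specific input: the page slug is a fixed, known
// value, so an allow-list rejects anything unexpected before rendering.
function render_filter_form_allowlisted(array $request, array $allowed): string
{
    $value = (string) ($request['page'] ?? '');
    if (!in_array($value, $allowed, true)) {
        $value = $allowed[0];  // fall back to the known slug
    }
    return '<input type="hidden" name="page" value="' . htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '" />';
}

// Constructed payload standing in for ?page=... on the request line.
$payload = 'appten_imagerotator"><script>alert(document.domain)</script><x a="';
$request = ['page' => $payload];

echo "vulnerable:  ", render_filter_form_vulnerable($request), PHP_EOL;
echo "hardened:    ", render_filter_form_hardened($request), PHP_EOL;
echo "allowlisted: ", render_filter_form_allowlisted($request, ['appten_imagerotator']), PHP_EOL;
```

Run with php on the command line. The vulnerable output contains a closed attribute followed by a live script element; in the hardened output the quote is emitted as &quot; and the angle brackets as &lt; and &gt;, so the whole payload stays inside the attribute value. The allow-listed variant discards the payload entirely, which is appropriate here because the expected value of page is a single known slug.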
Our security policy
We have reserved the ID CVE-2025-31313 to refer to this issue from now on.
System Information
- Product: Image Rotator
- Version: 2.0
Mitigation
There is currently no patch available for this vulnerability.
Credits
The vulnerability was discovered by Andres Roldan from Fluid Attacks' Offensive Team using Skims.
Timeline

2025-03-14
Vulnerability discovered.

2025-03-14
Vendor contacted.