Sql injection

2023-02-1315:15:00

PRIOn knowledge base

www.prio-n.com

sql injection

wordpress plugin

sql statement

parameter

sanitise

escape

exploitable

subscriber role

0.001 Low

EPSS

Percentile

31.3%

JSON

The WP Airbnb Review Slider WordPress plugin before 3.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.

CPENameOperatorVersion
wp_airbnb_review_sliderlt3.3

CPE	Name	Operator	Version
	wp_airbnb_review_slider	lt	3.3

References

wpscan.com/vulnerability/5d8c28ac-a46c-45d3-acc9-2cd2e6356ba2

0.001 Low

EPSS

Percentile

31.3%

JSON

Related for PRION:CVE-2023-0262