Lucene search
K

215 matches found

Nuclei
Nuclei
added 20 hours ago56 views

WordPress WP TripAdvisor Review Slider <10.8 - Authenticated SQL Injection

WordPress WP TripAdvisor Review Slider plugin before 10.8 is susceptible to authenticated SQL injection. The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. This can lead...

8.8CVSS7.2AI score0.04356EPSS
Exploits2References4
NVD
NVD
added 4 days ago9 views

CVE-2026-8441

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprploadmorerevs AJAX action in versions up to, and including, 12.7.2. The parameter is read via $POST'notinstring' and passed through sanitizetextfield — which strips HTML and...

7.5CVSS0.00374EPSS
Exploits0References2
EUVD
EUVD
added 4 days ago8 views

EUVD-2026-41274

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the wprploadmorerevs AJAX action in versions up to, and including, 12.7.2. The parameter is read via $POST'notinstring' and passed through sanitizetextfield — which strips HTML and...

7.5CVSS6AI score0.00374EPSS
Exploits0References2
Patchstack
Patchstack
added 4 days ago7 views

WordPress WP Review Slider Pro plugin <= 12.7.2 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.7.2...

7.5CVSS5.8AI score0.00374EPSS
Exploits0References1Affected Software1
CVE
CVE
added 5 days ago15 views

CVE-2026-13015

The CVE-2026-13015 entry applies to the WordPress plugin “Wp Google Places Review Slider” (versions up to and including 18.1). The vulnerability is a Reflected Cross-Site Scripting (XSS) in admin/partials/googlecrawl_dfs.php via the 'place' GET parameter. The value from $_GET['place'] is URL-deco...

6.1CVSS5.9AI score0.00211EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/16 9:31 a.m.27 views

CVE-2026-8442 WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via 'myaction' Parameter

The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfbhidereview and wprpsavereviewadmin AJAX handlers combined with insufficient path validation in the wpfbhidereviewaj...

8.1CVSS0.00501EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/06/16 8:34 a.m.6 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...

8.8CVSS5.8AI score0.00347EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/16 8:32 a.m.8 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) SQL Injection vulnerability

Authenticated Subscriber+ SQL Injection vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...

8.8CVSS5.8AI score0.00335EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/06/16 8:27 a.m.5 views

WordPress WP Review Slider Pro plugin <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by h0xilo in WordPress Plugin WP Review Slider Pro versions = 12.6.8...

8.1CVSS5.2AI score0.00501EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/16 8:16 a.m.12 views

CVE-2026-8444

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...

8.8CVSS0.00347EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 6:49 a.m.9 views

EUVD-2026-37040

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...

8.8CVSS5.8AI score0.00347EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/16 6:49 a.m.29 views

CVE-2026-8444 WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'curselrevs' Parameter

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $POST'curselrevs' raw with no sanitization or type casting, then concatenatin...

8.8CVSS0.00347EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 6:16 a.m.11 views

CVE-2026-8443

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...

8.8CVSS0.00335EPSS
Exploits0References2
CVE
CVE
added 2026/06/16 5:33 a.m.13 views

CVE-2026-8443

CVE-2026-8443 affects the WordPress plugin WP Review Slider Pro (versions up to 12.6.8). The vulnerability is an SQL Injection in the wppro_get_overall_chart_data AJAX action, triggered via the stypes and slocations parameters. The root cause is the use of stripslashes() on user-supplied JSON pri...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/16 5:33 a.m.9 views

EUVD-2026-37037

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wpprogetoverallchartdata AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes on user-supplied JSON strings prior to jsondecode,...

8.8CVSS5.9AI score0.00335EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.7 views

CVE-2026-39451

Unauthenticated Cross Site Scripting XSS in WP Google Review Slider = 18.0 versions...

6.3CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:17 p.m.24 views

CVE-2026-39451 WordPress WP Google Review Slider plugin <= 18.0 - Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in WP Google Review Slider = 18.0 versions...

6.3CVSS0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:17 p.m.16 views

CVE-2026-39451

CVE-2026-39451 concerns the WordPress WP Google Review Slider plugin (versions &lt;= 18.0), with an unauthenticated Cross-Site Scripting (XSS) vulnerability reported. The Patchstack entry notes the vulnerability (discovered by hhhai) in versions

6.3CVSS5.1AI score0.00175EPSS
Exploits0References1
NVD
NVD
added 2026/06/04 2:16 p.m.13 views

CVE-2019-25745

WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid'...

8.8CVSS0.00262EPSS
Exploits0References3
CVE
CVE
added 2026/06/04 1:22 p.m.20 views

CVE-2019-25745

CVE-2019-25745 affects WordPress Plugin Google Review Slider 6.1. The vulnerability is a time-based blind SQL injection in the tid parameter, exploitable via GET requests to the plugin’s admin interface by unauthenticated attackers to manipulate queries and potentially extract data. According to ...

8.8CVSS5.9AI score0.00262EPSS
Exploits0References3
Rows per page
Query Builder