Lucene search
K

27 matches found

Cvelist
Cvelist
added 2026/06/16 9:31 a.m.30 views

CVE-2026-8442 WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via 'myaction' Parameter

The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfbhidereview and wprpsavereviewadmin AJAX handlers combined with insufficient path validation in the wpfbhidereviewaj...

8.1CVSS0.00501EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/26 5:3 p.m.2 views

CVE-2026-32491

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS.This issue affects WP Review Slider: from n/a through = 13.9...

6.5CVSS5.8AI score0.00156EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 6:31 p.m.5 views

EUVD-2026-15833

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS.This issue affects WP Review Slider: from n/a through = 13.9...

6.5CVSS5.8AI score0.00156EPSS
Exploits0References2
NVD
NVD
added 2026/03/25 5:17 p.m.6 views

CVE-2026-32491

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS.This issue affects WP Review Slider: from n/a through = 13.9...

6.5CVSS0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:14 p.m.25 views

CVE-2026-32491 WordPress WP Review Slider plugin <= 13.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS.This issue affects WP Review Slider: from n/a through = 13.9...

6.5CVSS0.00156EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-56385

Malicious code in bioql PyPI...

5.9CVSS6.4AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:59 a.m.8 views

CVE-2023-51685

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LJ Apps WP Review Slider allows Stored XSS.This issue affects WP Review Slider: from n/a through 12.7...

5.9CVSS6.5AI score0.00336EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:57 a.m.12 views

CVE-2023-6456

The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.7AI score0.00336EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 2:54 a.m.10 views

CVE-2023-0260

The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

8.8CVSS7.4AI score0.00919EPSS
Exploits2References1
NVD
NVD
added 2024/02/01 11:15 a.m.30 views

CVE-2023-51685

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LJ Apps WP Review Slider allows Stored XSS.This issue affects WP Review Slider: from n/a through 12.7...

5.9CVSS5.7AI score0.00336EPSS
Exploits0References1
Prion
Prion
added 2024/02/01 11:15 a.m.26 views

Cross site scripting

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LJ Apps WP Review Slider allows Stored XSS.This issue affects WP Review Slider: from n/a through 12.7...

4.3CVSS6.9AI score0.00336EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/02/01 10:37 a.m.54 views

CVE-2023-51685

CVE-2023-51685 is a stored XSS in the WordPress plugin WP Review Slider caused by improper neutralization of input during web page generation. The vulnerability affects versions up to and including 12.7 (version range shown as n/a through 12.7 in some sources). The described impact is Stored XSS ...

5.9CVSS6.5AI score0.00336EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/22 7:14 p.m.16 views

CVE-2023-6456 WP Review Slider < 13.0 - Admin+ Stored XSS

The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.6AI score0.00336EPSS
Exploits1References1
CVE
CVE
added 2024/01/22 7:14 p.m.57 views

CVE-2023-6456

The CVE-2023-6456 entry concerns the WP Review Slider WordPress plugin prior to version 13.0. The vulnerability arises from not sanitising and escaping certain settings, which can let high-privilege users (e.g., admins) perform Stored Cross-Site Scripting even when unfiltered_html is disallowed (...

4.8CVSS4.7AI score0.00336EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/01/22 12:0 a.m.6 views

WordPress plugin WP Review Slider security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...

4.8CVSS5.8AI score0.00336EPSS
Exploits1References2
Patchstack
Patchstack
added 2023/12/27 12:0 a.m.14 views

WordPress WP Review Slider Plugin <= 12.7 is vulnerable to Cross Site Scripting (XSS)

Software WP Review Slider Type Plugin Vulnerable versions = 12.7 Fixed in 12.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51685 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9c963c631331 Credits emad Required privilege Administrator...

5.9CVSS6.5AI score0.00336EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/19 12:0 a.m.4 views

WordPress WP Review Slider Plugin <= 3.5 is vulnerable to Cross Site Scripting (XSS)

Software WP Review Slider Type Plugin Vulnerable versions = 3.5 Fixed in 3.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID be8e0ec16e0c Credits Rafie Muhammad Patchstack Required...

6.1AI score0.00284EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/02/13 3:15 p.m.20 views

CVE-2023-0260

The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

8.8CVSS9AI score0.00919EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/02/13 2:32 p.m.9 views

CVE-2023-0260 WP Review Slider < 12.2 - Subscriber+ SQLi

The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

9AI score0.00919EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/02/13 2:32 p.m.32 views

CVE-2023-0260 WP Review Slider < 12.2 - Subscriber+ SQLi

The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...

9.2AI score0.00919EPSS
Exploits2References1
Rows per page
Query Builder