27 matches found
CVE-2026-8442 WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) Arbitrary File Deletion via 'myaction' Parameter
The WP Review Slider Pro plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 12.6.8. This is due to missing authorization checks on the wpfbhidereview and wprpsavereviewadmin AJAX handlers combined with insufficient path validation in the wpfbhidereviewaj...
CVE-2026-32491
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS.This issue affects WP Review Slider: from n/a through = 13.9...
EUVD-2026-15833
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS.This issue affects WP Review Slider: from n/a through = 13.9...
CVE-2026-32491
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS.This issue affects WP Review Slider: from n/a through = 13.9...
CVE-2026-32491 WordPress WP Review Slider plugin <= 13.9 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS.This issue affects WP Review Slider: from n/a through = 13.9...
EUVD-2023-56385
Malicious code in bioql PyPI...
CVE-2023-51685
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LJ Apps WP Review Slider allows Stored XSS.This issue affects WP Review Slider: from n/a through 12.7...
CVE-2023-6456
The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-0260
The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...
CVE-2023-51685
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LJ Apps WP Review Slider allows Stored XSS.This issue affects WP Review Slider: from n/a through 12.7...
Cross site scripting
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in LJ Apps WP Review Slider allows Stored XSS.This issue affects WP Review Slider: from n/a through 12.7...
CVE-2023-51685
CVE-2023-51685 is a stored XSS in the WordPress plugin WP Review Slider caused by improper neutralization of input during web page generation. The vulnerability affects versions up to and including 12.7 (version range shown as n/a through 12.7 in some sources). The described impact is Stored XSS ...
CVE-2023-6456 WP Review Slider < 13.0 - Admin+ Stored XSS
The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-6456
The CVE-2023-6456 entry concerns the WP Review Slider WordPress plugin prior to version 13.0. The vulnerability arises from not sanitising and escaping certain settings, which can let high-privilege users (e.g., admins) perform Stored Cross-Site Scripting even when unfiltered_html is disallowed (...
WordPress plugin WP Review Slider security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability in the WordPress...
WordPress WP Review Slider Plugin <= 12.7 is vulnerable to Cross Site Scripting (XSS)
Software WP Review Slider Type Plugin Vulnerable versions = 12.7 Fixed in 12.8 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-51685 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 9c963c631331 Credits emad Required privilege Administrator...
WordPress WP Review Slider Plugin <= 3.5 is vulnerable to Cross Site Scripting (XSS)
Software WP Review Slider Type Plugin Vulnerable versions = 3.5 Fixed in 3.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID be8e0ec16e0c Credits Rafie Muhammad Patchstack Required...
CVE-2023-0260
The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...
CVE-2023-0260 WP Review Slider < 12.2 - Subscriber+ SQLi
The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...
CVE-2023-0260 WP Review Slider < 12.2 - Subscriber+ SQLi
The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber...