3 matches found
CVE-2026-8444 WP Review Slider Pro <= 12.6.8 - Authenticated (Subscriber+) SQL Injection via 'curselrevs' Parameter
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs' parameter of the wpfbfindreviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] raw with no sanitization or type casting, then concatenatin...
PT-2026-28005
Name of the Vulnerable Software and Affected Versions: WP Review Slider versions prior to 13.9. Description: A flaw exists in jgwhite33 WP Review Slider wp-facebook-reviews that allows for Stored Cross-site Scripting (XSS). This issue arises from improper handling of input during web page generation. ...
WordPress plugin WP Review Slider cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...