4 matches found
CVE-2022-0383
Summary (CVE-2022-0383) : The WordPress WP Review Slider plugin (before 11.0) fails to sanitize/escape the pid parameter when copying a Twitter source, enabling an attacker with high privileges to trigger SQL injection attacks. The issue stems from improper handling of the pid value in Twitter-co...
CVE-2023-0260
The CVE-2023-0260 entry concerns the WP Review Slider WordPress plugin (before 12.2). The root cause is improper sanitisation/escaping of a parameter used in a SQL statement, enabling a SQL injection. Impact is high: an attacker with as little as a subscriber role can exploit it. Affected compone...
CVE-2023-6456
The CVE-2023-6456 entry concerns the WP Review Slider WordPress plugin prior to version 13.0. The vulnerability arises from not sanitising and escaping certain settings, which can let high-privilege users (e.g., admins) perform Stored Cross-Site Scripting even when unfiltered_html is disallowed (...
CVE-2023-51685
CVE-2023-51685 is a stored XSS in the WordPress plugin WP Review Slider caused by improper neutralization of input during web page generation. The vulnerability affects versions up to and including 12.7 (version range shown as n/a through 12.7 in some sources). The described impact is Stored XSS ...