Lucene search
K
LjappsWp Review Slider

4 matches found

CVE
CVE
added 2022/02/28 9:6 a.m.104 views

CVE-2022-0383

Summary (CVE-2022-0383) : The WordPress WP Review Slider plugin (before 11.0) fails to sanitize/escape the pid parameter when copying a Twitter source, enabling an attacker with high privileges to trigger SQL injection attacks. The issue stems from improper handling of the pid value in Twitter-co...

7.2CVSS7AI score0.01445EPSS
Web
CVE
CVE
added 2023/02/13 2:32 p.m.60 views

CVE-2023-0260

The CVE-2023-0260 entry concerns the WP Review Slider WordPress plugin (before 12.2). The root cause is improper sanitisation/escaping of a parameter used in a SQL statement, enabling a SQL injection. Impact is high: an attacker with as little as a subscriber role can exploit it. Affected compone...

8.8CVSS9AI score0.00919EPSS
Web
CVE
CVE
added 2024/01/22 7:14 p.m.57 views

CVE-2023-6456

The CVE-2023-6456 entry concerns the WP Review Slider WordPress plugin prior to version 13.0. The vulnerability arises from not sanitising and escaping certain settings, which can let high-privilege users (e.g., admins) perform Stored Cross-Site Scripting even when unfiltered_html is disallowed (...

4.8CVSS4.7AI score0.00336EPSS
CVE
CVE
added 2024/02/01 10:37 a.m.54 views

CVE-2023-51685

CVE-2023-51685 is a stored XSS in the WordPress plugin WP Review Slider caused by improper neutralization of input during web page generation. The vulnerability affects versions up to and including 12.7 (version range shown as n/a through 12.7 in some sources). The described impact is Stored XSS ...

5.9CVSS6.5AI score0.00336EPSS