2 matches found
CVE-2023-0261
The CVE-2023-0261 entry concerns the WordPress plugin WP TripAdvisor Review Slider versions before 10.8. The vulnerability is an authenticated SQL injection caused by improper sanitization/escaping of a parameter before it is interpolated into a SQL statement, exploitable by users with a role as ...
CVE-2023-6037
CVE-2023-6037 affects the WordPress plugin WP TripAdvisor Review Slider up to version 11.9. The flaw arises because the plugin does not sanitize and escape certain settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., admin), even when the unfiltered_html capability is dis...