Skip to main content

Wp Tripadvisor Review Slider EUVDEUVD-2026-15832

| CVE-2026-32490 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-03-25 Patchstack GHSA-77pg-69m3-j9m7
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

3
EUVD ID Assigned
Mar 25, 2026 - 16:47 euvd
EUVD-2026-15832
Analysis Generated
Mar 25, 2026 - 16:47 vuln.today
CVE Published
Mar 25, 2026 - 16:14 nvd
MEDIUM 6.5

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP TripAdvisor Review Slider wp-tripadvisor-review-slider allows Stored XSS.This issue affects WP TripAdvisor Review Slider: from n/a through <= 14.1.

AnalysisAI

A Stored Cross-Site Scripting (XSS) vulnerability exists in the WP TripAdvisor Review Slider WordPress plugin through version 14.1, allowing attackers to inject malicious scripts that persist in the database and execute in the browsers of site visitors. The vulnerability affects all versions up to and including 14.1, and an attacker with sufficient privileges to inject content can compromise user sessions, steal credentials, or perform arbitrary actions on behalf of site administrators. No CVSS score or EPSS data is currently available, and active exploitation status via KEV is unknown, but Patchstack has documented this as a confirmed vulnerability with a reference implementation.

Technical ContextAI

The vulnerability is classified under CWE-79 (Improper Neutralization of Input During Web Page Generation), which describes the failure to properly sanitize or escape user-supplied input before rendering it in HTML context. The affected product is the jgwhite33 WP TripAdvisor Review Slider plugin (CPE: cpe:2.3:a:jgwhite33:wp_tripadvisor_review_slider:*:*:*:*:*:*:*:*), a WordPress plugin designed to display TripAdvisor reviews on websites. The plugin likely fails to sanitize review data, custom fields, or plugin settings before storing them in the WordPress database or rendering them in front-end templates. Because the XSS is classified as Stored (rather than Reflected), the malicious payload persists in the database, making it a higher-severity attack vector that affects all subsequent visitors to the compromised page.

RemediationAI

Immediately upgrade the WP TripAdvisor Review Slider plugin to a patched version beyond 14.1 (consult the vendor or Patchstack for the exact patched version number). Visit the official plugin repository or the vendor's website for patch availability. If no patch is immediately available, consider disabling the plugin until a fix is released, as Stored XSS in a public-facing plugin poses significant risk. As a temporary mitigation, restrict write access to plugin settings and review input fields to trusted administrator roles only, and consider using a Web Application Firewall (WAF) rule to detect and block script injection patterns in review submissions. Monitor the Patchstack database and official WordPress plugin repository for security updates.

Share

EUVD-2026-15832 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy