WP Google Review Slider
Unauthenticated cross-site scripting in the WP Google Review Slider WordPress plugin (versions up to and including 18.0) allows a remote, unauthenticated attacker to inject arbitrary JavaScript that executes in the browser of any user who interacts with the affected page. Reported by Patchstack and tracked as EUVD-2026-36930, the vulnerability stems from improper input sanitization in a publicly accessible plugin component. No public exploit code or CISA KEV listing has been identified at the time of analysis, placing this in the medium-priority tier despite the unauthenticated attack vector.
The WP Google Review Slider WordPress plugin before 15.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.