Skip to main content

Wp Review Slider

4 CVEs product

Monthly

CVE-2026-32491 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in the WP Review Slider plugin (also known as wp-facebook-reviews) versions 13.9 and earlier, allowing attackers to inject malicious scripts that persist in the application and execute in users' browsers. This vulnerability affects WordPress site administrators and users who interact with review content. An attacker can exploit this to steal session tokens, deface content, redirect users to malicious sites, or perform actions on behalf of compromised users.

XSS Wp Review Slider
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2023-51685 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LJ Apps WP Review Slider allows Stored XSS.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Review Slider
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-0260 HIGH POC This Week

The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Review Slider
NVD WPScan
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-0383 HIGH POC This Week

The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow a high privilege users to perform SQL Injections. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp Review Slider
NVD WPScan
CVSS 3.1
7.2
EPSS
1.4%
EPSS 0% CVSS 6.5
MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in the WP Review Slider plugin (also known as wp-facebook-reviews) versions 13.9 and earlier, allowing attackers to inject malicious scripts that persist in the application and execute in users' browsers. This vulnerability affects WordPress site administrators and users who interact with review content. An attacker can exploit this to steal session tokens, deface content, redirect users to malicious sites, or perform actions on behalf of compromised users.

XSS Wp Review Slider
NVD VulDB
EPSS 0% CVSS 5.9
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LJ Apps WP Review Slider allows Stored XSS.7. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Review Slider
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Review Slider
NVD WPScan
EPSS 1% CVSS 7.2
HIGH POC This Week

The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow a high privilege users to perform SQL Injections. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi WordPress Wp Review Slider
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy