Skip to main content

Wp Tripadvisor Review Slider

4 CVEs product

Monthly

CVE-2026-15651 MEDIUM This Month

SQL Injection in the WP TripAdvisor Review Slider WordPress plugin (all versions through 14.6) allows authenticated attackers holding administrator-level credentials to append arbitrary SQL to existing queries via the unsanitized 'filtersource' parameter, exposing sensitive data stored in the WordPress database. The flaw originates from insufficient escaping and missing prepared statement usage across multiple display and admin class files identified by Wordfence. No public exploit code or active exploitation has been identified at time of analysis, and the high privilege requirement significantly constrains real-world impact.

SQLi WordPress Wp Tripadvisor Review Slider
NVD
CVSS 3.1
4.9
CVE-2026-32490 MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in the WP TripAdvisor Review Slider WordPress plugin through version 14.1, allowing attackers to inject malicious scripts that persist in the database and execute in the browsers of site visitors. The vulnerability affects all versions up to and including 14.1, and an attacker with sufficient privileges to inject content can compromise user sessions, steal credentials, or perform arbitrary actions on behalf of site administrators. No CVSS score or EPSS data is currently available, and active exploitation status via KEV is unknown, but Patchstack has documented this as a confirmed vulnerability with a reference implementation.

XSS Wp Tripadvisor Review Slider
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2023-6037 MEDIUM POC This Month

The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Tripadvisor Review Slider
NVD WPScan
CVSS 3.1
4.8
EPSS
0.1%
CVE-2023-0261 HIGH POC This Week

The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Tripadvisor Review Slider
NVD WPScan
CVSS 3.1
8.8
EPSS
4.4%
CVSS 4.9
MEDIUM This Month

SQL Injection in the WP TripAdvisor Review Slider WordPress plugin (all versions through 14.6) allows authenticated attackers holding administrator-level credentials to append arbitrary SQL to existing queries via the unsanitized 'filtersource' parameter, exposing sensitive data stored in the WordPress database. The flaw originates from insufficient escaping and missing prepared statement usage across multiple display and admin class files identified by Wordfence. No public exploit code or active exploitation has been identified at time of analysis, and the high privilege requirement significantly constrains real-world impact.

SQLi WordPress Wp Tripadvisor Review Slider
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

A Stored Cross-Site Scripting (XSS) vulnerability exists in the WP TripAdvisor Review Slider WordPress plugin through version 14.1, allowing attackers to inject malicious scripts that persist in the database and execute in the browsers of site visitors. The vulnerability affects all versions up to and including 14.1, and an attacker with sufficient privileges to inject content can compromise user sessions, steal credentials, or perform arbitrary actions on behalf of site administrators. No CVSS score or EPSS data is currently available, and active exploitation status via KEV is unknown, but Patchstack has documented this as a confirmed vulnerability with a reference implementation.

XSS Wp Tripadvisor Review Slider
NVD VulDB
EPSS 0% CVSS 4.8
MEDIUM POC This Month

The WP TripAdvisor Review Slider WordPress plugin before 11.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress Wp Tripadvisor Review Slider
NVD WPScan
EPSS 4% CVSS 8.8
HIGH POC This Week

The WP TripAdvisor Review Slider WordPress plugin before 10.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Wp Tripadvisor Review Slider
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy