VYPR

Wp Google Places Review Slider

by WordPress

CVEs (8)

  • CVE-2023-0259 | High | Feb 13, 2023
    risk 0.57 | cvss 8.8 | epss 0.01

    The WP Google Review Slider WordPress plugin before 11.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.

  • CVE-2019-25745 | High | Jun 4, 2026
    risk 0.53 | cvss 8.2 | epss 0.00

    WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with…

  • CVE-2025-30783 | High | Mar 27, 2025
    risk 0.53 | cvss 8.2 | epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows SQL Injection. This issue affects WP Google Review Slider: from n/a through <= 16.0.

  • CVE-2026-39451 | Med | Jun 15, 2026
    risk 0.41 | cvss 6.3 | epss 0.00

    Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions.

  • CVE-2024-2310 | Med | Apr 26, 2024
    risk 0.38 | cvss 5.9 | epss 0.00

    The WP Google Review Slider WordPress plugin before 13.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2025-66063 | Med | Nov 21, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    Missing Authorization vulnerability in jgwhite33 WP Google Review Slider wp-google-places-review-slider allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Google Review Slider: from n/a through <= 17.4.

  • CVE-2022-4242 | Med | Dec 26, 2022
    risk 0.31 | cvss 4.8 | epss 0.01

    The WP Google Review Slider WordPress plugin before 11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2022-1772 | Med | Jun 13, 2022
    risk 0.31 | cvss 4.8 | epss 0.01

    The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick…