Wp Airbnb Review Slider
by WordPress
Source repositories
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0262 | Hig | 0.57 | 8.8 | 0.01 | Feb 13, 2023 | The WP Airbnb Review Slider WordPress plugin before 3.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber. | ||
| CVE-2025-26755 | Hig | 0.49 | 7.6 | 0.00 | Feb 16, 2025 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Airbnb Review Slider wp-airbnb-review-slider allows Blind SQL Injection.This issue affects WP Airbnb Review Slider: from n/a through <= 3.9. | ||
| CVE-2023-23890 | Hig | 0.46 | 7.1 | 0.00 | May 20, 2023 | Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <= 3.2 versions. | ||
| CVE-2025-12520 | Med | 0.26 | 4.0 | 0.00 | Nov 7, 2025 | The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient URL validation that allows users to pull in a malicious HTML file. This makes it possible for… |
- risk 0.57cvss 8.8epss 0.01
The WP Airbnb Review Slider WordPress plugin before 3.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
- risk 0.49cvss 7.6epss 0.00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Airbnb Review Slider wp-airbnb-review-slider allows Blind SQL Injection.This issue affects WP Airbnb Review Slider: from n/a through <= 3.9.
- risk 0.46cvss 7.1epss 0.00
Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <= 3.2 versions.
- risk 0.26cvss 4.0epss 0.00
The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient URL validation that allows users to pull in a malicious HTML file. This makes it possible for…