PT-2026-54949 · Https://Wpreviewslider.Com/ · Wp Review Slider Pro

H0Xilo · Published 2026-07-02 · Updated 2026-07-02 · CVE-2026-8441

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'notinstring' parameter of the `wprp_load_more_revs` AJAX action in versions up to, and including, 12.7.2. The parameter is read via `$_POST['notinstring']` and passed through `sanitize_text_field()`, which strips HTML and whitespace but does not provide SQL safety. The value is then concatenated directly into a numeric, unquoted `AND id NOT IN (...)` clause and executed via `$wpdb->get_results()` without `$wpdb->prepare()` or `intval()` casting. Because the value sits in an unquoted numeric context, WordPress's `wp_magic_quotes()` protection (which only escapes embedded quotes) is ineffective. The AJAX hook is registered via `wp_ajax_nopriv_wprp_load_more_revs`, and the nonce required by `check_ajax_referer()` is publicly exposed via `wp_localize_script()` on any frontend page that renders the plugin shortcode, so an unauthenticated attacker who can reach a public page hosting the plugin can extract arbitrary data from the database via blind/time-based injection.
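The pattern the description gives, shown as a constructed illustration that is not the plugin's own code: the unsafe concatenation of the sanitized-but-unescaped parameter, beside a hardened handler that casts each id with intval() and binds the list through $wpdb->prepare(). The table name, nonce action and function names are assumptions.

```php
<?php
// Constructed illustration of the pattern described in the advisory; NOT the plugin's code.
// Table name, nonce action and function names are assumptions.

// Vulnerable shape: sanitize_text_field() strips tags and whitespace but is not SQL
// escaping, and the value lands in an unquoted numeric NOT IN (...) list, so the
// quote-escaping done by wp_magic_quotes() offers no protection either.
function wprp_load_more_revs_vulnerable() {
    global $wpdb;
    check_ajax_referer( 'wprp_nonce', 'nonce' ); // nonce is public on any page with the shortcode
    $notinstring = sanitize_text_field( $_POST['notinstring'] ?? '' );
    $sql = "SELECT * FROM {$wpdb->prefix}wprp_reviews WHERE 1=1";
    if ( $notinstring !== '' ) {
        $sql .= " AND id NOT IN ($notinstring)"; // untrusted text concatenated into SQL
    }
    wp_send_json_success( $wpdb->get_results( $sql ) );
}

// Hardened shape: treat the parameter as a list of integers, cast each item, and
// bind one %d placeholder per value so no user-controlled text reaches the query.
function wprp_load_more_revs_hardened() {
    global $wpdb;
    check_ajax_referer( 'wprp_nonce', 'nonce' );
    $raw = isset( $_POST['notinstring'] ) ? wp_unslash( $_POST['notinstring'] ) : '';
    // Cast every comma-separated item to an integer and keep only positive ids;
    // anything that is not a number collapses to 0 and is dropped.
    $ids = array_filter( array_map( 'intval', explode( ',', $raw ) ), fn( $id ) => $id > 0 );
    $ids = array_values( array_unique( $ids ) );
    $sql = "SELECT * FROM {$wpdb->prefix}wprp_reviews WHERE 1=1";
    if ( ! empty( $ids ) ) {
        $placeholders = implode( ',', array_fill( 0, count( $ids ), '%d' ) );
        // $wpdb->prepare() accepts the values as an array and binds each as an integer.
        $sql = $wpdb->prepare( $sql . " AND id NOT IN ($placeholders)", $ids );
    }
    wp_send_json_success( $wpdb->get_results( $sql ) );
}

// Unauthenticated (nopriv) registration, as the advisory describes for the real action.
add_action( 'wp_ajax_nopriv_wprp_load_more_revs', 'wprp_load_more_revs_hardened' );
add_action( 'wp_ajax_wprp_load_more_revs', 'wprp_load_more_revs_hardened' );
```

Since the nonce is readable by anyone who loads the shortcode page, it does not substitute for input validation here; the integer cast plus placeholders is what closes the injection.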

Fix

SQL injection


Weakness Enumeration

Related identifiers

CVE-2026-8441

Affected products

Wp Review Slider Pro