PT-2022-13142 · WordPress · Wp Review Slider

Felipe De Avila · Published 2022-02-28 · Updated 2022-03-08 · CVE-2022-0383

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WP Review Slider versions prior to 11.0

Description: The issue concerns the WP Review Slider WordPress plugin, where the pid parameter is not properly sanitized and escaped when copying a Twitter source. This could allow high-privilege users to perform SQL injection attacks.

Recommendations: For versions prior to 11.0, update to version 11.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Twitter source copying feature to minimize the risk of exploitation. Avoid using the pid parameter in the affected functionality until the issue is resolved.
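The defect class described above, as an added illustration that is not code from the WP Review Slider plugin: a hypothetical "copy source" handler that interpolates the pid request value straight into SQL, next to a hardened version that casts it to an integer, binds it with $wpdb->prepare(), and gates the action behind a capability and nonce check (the table name, capability and nonce action are assumptions).

```php
<?php
// Illustrative example only; table, capability and nonce names are assumed.

// Vulnerable pattern: the request value is concatenated into the statement,
// so a crafted pid alters the query instead of just selecting a row.
function copy_source_vulnerable( $request ) {
    global $wpdb;
    $pid   = $request['pid'];                  // untrusted, not sanitized
    $table = $wpdb->prefix . 'wprs_sources';   // hypothetical table name
    return $wpdb->get_row( "SELECT * FROM {$table} WHERE id = {$pid}", ARRAY_A );
}

// Hardened pattern: authorization first, then an integer cast and a
// prepared statement so pid can only ever be a number.
function copy_source_hardened( $request ) {
    global $wpdb;
    if ( ! current_user_can( 'manage_options' ) ) {   // assumed capability
        wp_die( 'Insufficient privileges' );
    }
    check_admin_referer( 'wprs_copy_source' );        // hypothetical nonce action

    $pid = absint( $request['pid'] ?? 0 );
    if ( 0 === $pid ) {
        return null;                                  // reject missing/invalid id
    }
    $table = $wpdb->prefix . 'wprs_sources';
    $row   = $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", $pid ),
        ARRAY_A
    );
    if ( null === $row ) {
        return null;
    }
    unset( $row['id'] );                              // let the DB assign a new id
    $wpdb->insert( $table, $row );                    // values are bound by $wpdb
    return $wpdb->insert_id;
}
```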

Exploit · Fix · SQL injection


Weakness Enumeration

Related Identifiers: CVE-2022-0383

Affected Products: Wp Review Slider