Vulnerabilities and security researches forwp-airbnb-review-slider wp-airbnb-review-slider
Direction: ascendingJun 07, 2024
WP Airbnb Review Slider # CVE-2023-0262
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 13, 2023
- Research Description
- The WP Airbnb Review Slider WordPress plugin before 3.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
- Affected versions
-
max 3.3.
- Status
-
vulnerable
WP Airbnb Review Slider # CVE-2023-23890
- CVE, Research URL
- Home page URL
- Application
- Date
- May 21, 2023
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in LJ Apps WP Airbnb Review Slider plugin <= 3.2 versions.
- Affected versions
-
max 3.3.
- Status
-
vulnerable
Feb 17, 2025
WP Airbnb Review Slider # CVE-2025-26755
- CVE, Research URL
- Home page URL
- Application
- Date
- Feb 17, 2025
- Research Description
- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in jgwhite33 WP Airbnb Review Slider allows Blind SQL Injection. This issue affects WP Airbnb Review Slider: from n/a through 3.9.
- Affected versions
-
max 4.0.
- Status
-
vulnerable
Nov 11, 2025
WP Airbnb Review Slider # CVE-2025-12520
- CVE, Research URL
- Home page URL
- Application
- Date
- Nov 07, 2025
- Research Description
- The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient URL validation that allows users to pull in a malicious HTML file. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
- Affected versions
-
max 4.4.
- Status
-
vulnerable