Vulnerabilities and security researches forwp-facebook-reviews wp-facebook-reviews

Mar 30, 2026

CVE, Research URL: CVE-2026-32491
Home page URL: Security reports for WP Review Slider
Application: WP Review Slider
Date: Mar 25, 2026
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Review Slider wp-facebook-reviews allows Stored XSS.This issue affects WP Review Slider: from n/a through <= 13.9.
Affected versions: max 13.9.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2023-51685
Home page URL: Security reports for WP Review Slider
Application: WP Review Slider
Date: Feb 01, 2024
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LJ Apps WP Review Slider allows Stored XSS.This issue affects WP Review Slider: from n/a through 12.7.
Affected versions: max 12.8.
Status: vulnerable

CVE, Research URL: CVE-2022-0383
Home page URL: Security reports for WP Review Slider
Application: WP Review Slider
Date: Feb 28, 2022
Research Description: The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter when copying a Twitter source, which could allow a high privilege users to perform SQL Injections attacks
Affected versions: max 11.0.
Status: vulnerable

CVE, Research URL: CVE-2023-0260
Home page URL: Security reports for WP Review Slider
Application: WP Review Slider
Date: Feb 13, 2023
Research Description: The WP Review Slider WordPress plugin before 12.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
Affected versions: max 3.6.
Status: vulnerable

CVE, Research URL: CVE-2023-6456
Home page URL: Security reports for WP Review Slider
Application: WP Review Slider
Date: Jan 23, 2024
Research Description: The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: max 13.0.
Status: vulnerable