cleantalk
Vulnerabilities and Security Researches

WP Review Slider, CVE-2023-6456

CVE, Research URL

CVE-2023-6456

Home page URL

Security reports for WP Review Slider

Application

WP Review Slider

Published on
Jan 23, 2024
Research Description
The WP Review Slider WordPress plugin before 13.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions
max 13.0.
Status
vulnerable
Previous vulnerability researches
WP Review Slider (CVE-2023-51685) , Jun 07, 2024
WP Review Slider (CVE-2022-0383) , Jun 07, 2024
WP Review Slider (CVE-2023-0260) , Jun 07, 2024
WP Review Slider (CVE-2023-6456) , Jun 07, 2024
WP Review Slider (CVE-2026-32491) , Mar 30, 2026
New vulnerability
Product Feed PRO for WooCommerce (CVE-2026-32443) , Mar 30, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-24373) , Mar 30, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-32385) , Mar 30, 2026
RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login (CVE-2026-32498) , Mar 30, 2026
Gallery Block (Meow Gallery) (CVE-2026-32418) , Mar 30, 2026