WP Yelp Review Slider by LJ Apps

WP Yelp Review Slider by LJ Apps <= 7.0 - Subscriber+ SQLi

LANACOMMONVDB ID: 6ad46ab0-1acf-41c9-aa17-1530453a85c0

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.

You must be log in to view vulnerability details.

Or register a new account.

References

Source Code: https://wordpress.org/plugins/wp-yelp-review-slider/

CVE: CVE-2023-0263

Attributes

Catgory: WordPress Plugin

Discovered: 2023-01-09

Published: 2023-01-23

Affected Version: <= 7.0

Classification

Type: SQL Injection

Researcher

Name: István Márton

Email: [email protected]

Support Us?

We would truly appreciate it if you bought us a bunny (food for a snow leopard).