What the vulnerability does
01Description
Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
What the vulnerability does
Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions.
Explanation of Vulnerability in Simple Terms
WP Google Review Slider versions 18.0 and earlier contain a cross-site scripting (XSS) vulnerability. An attacker can inject malicious scripts that execute in a visitor's browser when they view a page containing the vulnerable slider. The vulnerability requires user interaction—the victim must visit an affected page. This can lead to session hijacking, credential theft, or malware distribution.
What an attacker can do
Inject malicious JavaScript that runs in visitors' browsers when they view the slider.
Potential impact on your site
Visitors' sessions and credentials can be compromised; malware or phishing content can be injected into your site.
Conditions required to exploit
No authentication required. Victim must visit a page containing the vulnerable slider component.
Key dates
External resources
Related vulnerabilities