Reflected Cross-Site Scripting Vulnerability in Wp Google Places Review Slider Plugin
CVE-2026-13015

6.1 MEDIUM

Key Information:

Vendor: WordPress

CVE Published: 1 July 2026

What is CVE-2026-13015?

The Wp Google Places Review Slider plugin is vulnerable to reflected cross-site scripting through the 'place' parameter, and the flaw can be exploited by unauthenticated attackers. It arises from inadequate input sanitization and output escaping, particularly in the admin/partials/googlecrawl_dfs.php file. An attacker who crafts a specific link can cause the plugin to execute arbitrary web scripts on pages viewed by unsuspecting users who open that link. This poses a significant risk, as it can lead to various security issues, including data theft and unauthorized access.

Affected Version(s)

WP Google Review Slider 0 <= 18.1

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

PRISM