Reflected Cross-Site Scripting Vulnerability in Wp Google Places Review Slider Plugin
CVE-2026-13015
6.1 MEDIUM
What is CVE-2026-13015?
The Wp Google Places Review Slider plugin contains a reflected cross-site scripting flaw in its handling of the 'place' parameter, which unauthenticated attackers can exploit. The vulnerability arises from inadequate input sanitization and output escaping, particularly in the admin/partials/googlecrawl_dfs.php file. By crafting a specific link, an attacker can cause the plugin to execute arbitrary web scripts on pages viewed by unsuspecting users. This poses a significant risk, as it can lead to security issues including data theft and unauthorized access.
Affected Version(s)
WP Google Review Slider 0 <= 18.1
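Detection logic for the reflected 'place' parameter described above, added here as an example and not taken from the plugin or the advisory: it scans web-server access log lines for a `place` query value that decodes, through one or more rounds of URL-encoding, to HTML markup. The log lines are constructed, and the request paths, the `page=EXAMPLE` value and the pattern of suspicious characters are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Assumed heuristic: characters a place name or ID should not need but that
# HTML or attribute break-out does (quotes, angle brackets, event handlers).
SUSPICIOUS = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)
# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo repeated URL-encoding (%253C -> %3C -> <), up to max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_place_values(log_line):
    """Return decoded 'place' values from the request that contain markup."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    hits = []
    query = urlsplit(match.group(1)).query
    # parse_qsl decodes once; fully_decode catches double-encoded values.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name.lower() == "place":
            decoded = fully_decode(value)
            if SUSPICIOUS.search(decoded):
                hits.append(decoded)
    return hits


# Constructed sample lines; the paths and page=EXAMPLE are placeholders.
PREFIX = '203.0.113.9 - - [01/Jan/2026:10:00:00 +0000] "GET '
SAMPLE_LOG = [
    PREFIX + '/wp-admin/admin.php?page=EXAMPLE&place=Example+Cafe HTTP/1.1" 200 512',
    PREFIX + '/wp-admin/admin.php?page=EXAMPLE&place=%22%3E%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530',
    PREFIX + '/wp-admin/admin.php?page=EXAMPLE&place=%253Cb%253E HTTP/1.1" 200 530',
    PREFIX + '/?s=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for hit in suspicious_place_values(line):
            print("suspicious place value:", repr(hit))
```

A hit shows that a crafted link was requested, not that a script ran in anyone's browser; pair it with the referrer and the authenticated session on the same request when triaging.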