SQL Injection Vulnerability in WP TripAdvisor Review Slider for WordPress
CVE-2026-15651

4.9MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
16 July 2026

What is CVE-2026-15651?

The WP TripAdvisor Review Slider plugin for WordPress is vulnerable to an SQL Injection attack through the 'filtersource' parameter. All versions up to and including 14.6 are affected. This vulnerability arises from the inadequate escaping of user-supplied input and insufficient preparation in the SQL queries. Attackers with administrator-level access can exploit this flaw to inject malicious SQL queries, potentially enabling them to access sensitive information stored in the database.

Affected Version(s)

WP TripAdvisor Review Slider 0 <= 14.6

References

CVSS V3.1

Score:
4.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

PRISM
.