Cross-Site Scripting Vulnerability in WP TripAdvisor Review Slider by jgwhite33
CVE-2026-32490

6.5MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
25 March 2026

What is CVE-2026-32490?

A Cross-Site Scripting (XSS) vulnerability exists in the WP TripAdvisor Review Slider plugin, developed by jgwhite33. This security flaw arises from the improper neutralization of user input during web page generation, allowing attackers to inject malicious scripts that can be stored and executed in the context of users visiting the affected sites. This vulnerability impacts all versions of the plugin up to and including version 14.1.

Affected Version(s)

WP TripAdvisor Review Slider <= n/a

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Doan Dinh Van | Patchstack Bug Bounty Program
.