Description
WordPress Plugin WP TripAdvisor Review Slider is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin WP TripAdvisor Review Slider version 10.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 10.8 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:6A3B6752-8D72-4AB4-9D49-B722A947D2B0
https://plugins.svn.wordpress.org/wp-tripadvisor-review-slider/trunk/README.txt
Related Vulnerabilities
PHP Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1868)
WordPress Plugin Tutor LMS-eLearning and online course solution SQL Injection (2.7.0)
WordPress Plugin HTML5 jQuery Audio Player Multiple Cross-Site Scripting Vulnerabilities (2.3)
WordPress Plugin Restaurant Reservations Privilege Escalation (1.3)