Description
WordPress Plugin WP TripAdvisor Review Slider is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress Plugin WP TripAdvisor Review Slider version 10.7 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 10.8 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:6A3B6752-8D72-4AB4-9D49-B722A947D2B0
https://plugins.svn.wordpress.org/wp-tripadvisor-review-slider/trunk/README.txt
Related Vulnerabilities
WordPress Plugin Side Menu Lite-add sticky fixed buttons SQL Injection (2.2.1)
WordPress Plugin Simple Login Log Multiple Vulnerabilities (0.9.3)
Envoy Proxy Improper Check for Unusual or Exceptional Conditions Vulnerability (CVE-2021-39162)
WordPress Plugin UpiCRM-Free WordPress CRM and Lead Management Information Disclosure (2.1.8.5)
WordPress Plugin Easy Social Icons Multiple Vulnerabilities (1.2.3.1)