CVE Catalog

CVE-2026-8444

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile — higher than 16% of all known CVEs

Summary

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up to and including 12.6.8. The issue arises from the handler reading $_POST['curselrevs'] raw with no sanitization or type casting, allowing for the injection of additional SQL queries.

Risk Assessment

Authenticated attackers with Subscriber-level access and above can exploit this vulnerability to extract sensitive information from the database, posing a serious threat to the organization's data security.

Recommendation

It is recommended to update the WP Review Slider Pro plugin to the latest version to mitigate this vulnerability. Additionally, conducting a security audit of the database to detect potential breaches is advisable.

Original NVD description (English source)

The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] raw with no sanitization or type casting, then concatenating each array element directly into a `WHERE id IN ( ... )` clause without quoting and executing via $wpdb->get_results() without $wpdb->prepare(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS