CVE-2026-8443: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in https://wpreviewslider.com/ WP Review Slider Pro
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_chart_data AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes() on user-supplied JSON strings prior to json_decode(), which removes the escaping applied by WordPress's wp_magic_quotes; the resulting decoded array values are then concatenated directly into SQL WHERE clauses without parameterization, and the constructed query is executed via $wpdb->get_results() without $wpdb->prepare(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The handler also returns the executed SQL string in its JSON response, which simplifies oracle construction for blind exploitation.
AI Analysis
Technical Summary
The WP Review Slider Pro WordPress plugin (up to version 12.6.8) contains an SQL Injection vulnerability in the wppro_get_overall_chart_data AJAX action. This occurs because stripslashes() is applied to user-supplied JSON strings before json_decode(), removing escaping added by WordPress's wp_magic_quotes. The decoded array values are then concatenated directly into SQL WHERE clauses without using $wpdb->prepare(), and the query is executed via $wpdb->get_results(). Authenticated attackers with Subscriber-level privileges can append malicious SQL to extract sensitive data. Additionally, the executed SQL query is returned in the JSON response, facilitating blind SQL injection attacks.
Potential Impact
Successful exploitation allows authenticated users with low privileges (Subscriber-level and above) to perform SQL Injection attacks, potentially leading to unauthorized disclosure of sensitive database information, modification of data, and disruption of application availability. The exposure of the executed SQL query in the response further aids attackers in crafting effective exploits.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to the affected AJAX action to trusted users only, and consider disabling the plugin or the vulnerable feature if possible. Monitor vendor channels for an official patch or update addressing this vulnerability.
CVE-2026-8443: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in https://wpreviewslider.com/ WP Review Slider Pro
Description
The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'stypes' and 'slocations' parameters of the wppro_get_overall_chart_data AJAX action in versions up to, and including, 12.6.8. This is due to the use of stripslashes() on user-supplied JSON strings prior to json_decode(), which removes the escaping applied by WordPress's wp_magic_quotes; the resulting decoded array values are then concatenated directly into SQL WHERE clauses without parameterization, and the constructed query is executed via $wpdb->get_results() without $wpdb->prepare(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The handler also returns the executed SQL string in its JSON response, which simplifies oracle construction for blind exploitation.
CVSS v3.1
Score 8.8high
Affected software
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The WP Review Slider Pro WordPress plugin (up to version 12.6.8) contains an SQL Injection vulnerability in the wppro_get_overall_chart_data AJAX action. This occurs because stripslashes() is applied to user-supplied JSON strings before json_decode(), removing escaping added by WordPress's wp_magic_quotes. The decoded array values are then concatenated directly into SQL WHERE clauses without using $wpdb->prepare(), and the query is executed via $wpdb->get_results(). Authenticated attackers with Subscriber-level privileges can append malicious SQL to extract sensitive data. Additionally, the executed SQL query is returned in the JSON response, facilitating blind SQL injection attacks.
Potential Impact
Successful exploitation allows authenticated users with low privileges (Subscriber-level and above) to perform SQL Injection attacks, potentially leading to unauthorized disclosure of sensitive database information, modification of data, and disruption of application availability. The exposure of the executed SQL query in the response further aids attackers in crafting effective exploits.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to the affected AJAX action to trusted users only, and consider disabling the plugin or the vulnerable feature if possible. Monitor vendor channels for an official patch or update addressing this vulnerability.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-05-12T20:11:52.971Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a30e6730b89be68884f4f70
Added to database: 6/16/2026, 6:00:19 AM
Last enriched: 6/16/2026, 6:15:07 AM
Last updated: 6/16/2026, 7:40:40 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.