Jgwhite33 - Wp Thumbtack Review Slider CVE - OpenCVE

Filtered by vendor Jgwhite33 Subscriptions

Filtered by product Wp Thumbtack Review Slider Subscriptions

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-12520	2 Jgwhite33, Wordpress	2 Wp Thumbtack Review Slider, Wordpress	2025-11-07	4 Medium
The WP Airbnb Review Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.2 due to insufficient URL validation that allows users to pull in a malicious HTML file. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
CVE-2025-58216	2 Jgwhite33, Wordpress	2 Wp Thumbtack Review Slider, Wordpress	2025-08-29	5.9 Medium
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgwhite33 WP Thumbtack Review Slider allows Stored XSS. This issue affects WP Thumbtack Review Slider: from n/a through 2.6.

Page 1 of 1.