WP Google Review Slider < 16.1 – Cross-Site Request Forgery to SQL Injection | CVE 2025-30783 | Plugin Vulnerabilities

Description

The WP Google Review Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 16.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject SQL queries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affects Plugins

wp-google-places-review-slider

Fixed in 16.1

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/6dd8a804-a2bf-430a-8cd5-90e797ddba21

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

astra.r3verii

Verified

No

WPVDB ID

3c78789c-5c3e-48be-bc68-4669b692dc5a

Timeline

Publicly Published

2025-03-27 (about 1 year ago)

Added

2025-04-02 (about 1 year ago)

Last Updated

2025-04-02 (about 1 year ago)

Other

Published

Title

Published

2024-01-08

Title

LiveChat Elementor < 1.0.14 - Cross-Site Request Forgery

Published

2024-06-26

Title

WP Tweet Walls < 1.0.4 - Cross-Site Request Forgery

Published

2024-04-11

Title

WP Compress – Image Optimizer [All-In-One] < 6.11.01 - Cross-Site Request Forgery

Published

2023-12-27

Title

EnvíaloSimple < 2.3 - API Key Update via CSRF

Published

2014-08-01

Title

SolveMedia 1.1.0 - solvemedia.admin.inc Admin Options Page CSRF