PatchSiren cyber security CVE debrief
CVE-2019-25745 jgwhite33 CVE debrief
CVE-2019-25745 is a time-based blind SQL injection vulnerability in WordPress Plugin Google Review Slider 6.1. The vulnerability allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid' values to extract sensitive database information using time-based blind SQL injection techniques.
- Vendor
- jgwhite33
- Product
- Google Review Slider
- CVSS
- HIGH 8.8
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-04
- Original CVE updated
- 2026-06-04
- Advisory published
- 2026-06-04
- Advisory updated
- 2026-06-04
Who should care
Users of WordPress Plugin Google Review Slider 6.1 should be aware of this vulnerability and take action to remediate.
Technical summary
The vulnerability has a CVSS score of 8.8 and is classified as HIGH severity. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X.
Defensive priority
HIGH
Recommended defensive actions
- Update WordPress Plugin Google Review Slider to a version that is not vulnerable.
- Restrict access to the admin interface to only trusted users.
Evidence notes
The vendor of the product is listed as Unknown Vendor, but evidence suggests the product is related to Wordpress.
Official resources
CVE-2019-25745 was published on 2019-04-09T00:00:00.000Z and modified on 2019-04-09T00:00:00.000Z.