CVE-2019-25745

HIGH

WordPress Plugin Google Review Slider 6.1 SQL Injection via tid

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-25745. PoCs published by Princy Edward.

AI-analyzed exploit summary The exploit demonstrates a time-based blind SQL injection vulnerability in the WordPress plugin 'Google Review Slider' version 6.1 via the 'tid' parameter. It includes a proof-of-concept URL and SQLMap payload confirming the vulnerability.

Description

WordPress Plugin Google Review Slider 6.1 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'tid' parameter. Attackers can send GET requests to the admin interface with malicious 'tid' values to extract sensitive database information using time-based blind SQL injection techniques.

Exploits (1)

exploitdb WORKING POC

by Princy Edward · textwebappsphp

https://www.exploit-db.com/exploits/47567

View Code ZIP pw:eip

The exploit demonstrates a time-based blind SQL injection vulnerability in the WordPress plugin 'Google Review Slider' version 6.1 via the 'tid' parameter. It includes a proof-of-concept URL and SQLMap payload confirming the vulnerability.

Classification

Working Poc 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: WordPress Plugin Google Review Slider 6.1

Auth required

Prerequisites: WordPress admin access · Plugin version 6.1 installed

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Jun 04, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit exploit

ExploitDB-47567

https://www.exploit-db.com/exploits/47567

Product product

Official Product Homepage

https://wordpress.org/plugins/wp-google-places-review-slider/

Third Party Advisory third-party-advisory

VulnCheck Advisory: WordPress Plugin Google Review Slider 6.1 SQL Injection via tid

https://www.vulncheck.com/advisories/wordpress-plugin-google-review-slider-sql-injection-via-tid

Scores

CVSS v3 8.2

EPSS 0.0026

EPSS Percentile 17.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

jgwhite33/Google Review Slider 6.1

Published Jun 04, 2026

Tracked Since Jun 04, 2026