JVN#60978548: WordPress plugin "Site Reviews" vulnerable to cross-site scripting

2018-05-28T00:00:00
ID JVN:60978548
Type jvn
Reporter Japan Vulnerability Notes
Modified 2018-05-28T00:00:00

Description

## Description

The WordPress plugin "Site Reviews" provided by Gemini Labs contains a stored cross-site scripting vulnerability (CWE-79).

## Impact

An arbitrary script may be executed on a logged in user's web browser.

## Solution

Update the plugin
Update the plugin according to the information provided by the developer.

## Products Affected

  • Site Reviews prior to version 2.15.3