4 matches found
CVE-2021-24973
The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action available to unauthenticated and any authenticated users, allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard...
CVE-2021-24973
The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action available to unauthenticated and any authenticated users, allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard...
CVE-2021-24973
Site Reviews WordPress plugin prior to 5.17.3 is affected by an unauthenticated Stored XSS via the glsr_action AJAX action, where the site-reviews parameter is not sanitised/escaped. Affects admins viewing the Tool dashboard. Remediation: upgrade to 5.17.3 or later (or apply vendor-provided fixes).
CVE-2021-24973 Site Reviews < 5.17.3 - Unauthenticated Stored Cross-Site Scripting
The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action available to unauthenticated and any authenticated users, allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard...