4 matches found

RedhatCVE
added 2025/05/22 9:4 p.m., 8 views

CVE-2021-24973

The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action available to unauthenticated and any authenticated users, allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.01314
Exploits: 2 | References: 1
OSV
added 2022/01/03 1:15 p.m., 4 views

CVE-2021-24973

The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action available to unauthenticated and any authenticated users, allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.01314
Exploits: 2 | References: 2
Cvelist
added 2022/01/03 12:49 p.m., 19 views

CVE-2021-24973 Site Reviews < 5.17.3 - Unauthenticated Stored Cross-Site Scripting

The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action available to unauthenticated and any authenticated users, allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard...

AI score: 6.2 | EPSS: 0.01314
Exploits: 2 | References: 2
CVE
added 2022/01/03 12:49 p.m., 62 views

CVE-2021-24973

Site Reviews WordPress plugin prior to 5.17.3 is affected by an unauthenticated Stored XSS via the glsr_action AJAX action, where the site-reviews parameter is not sanitised/escaped. Affects admins viewing the Tool dashboard. Remediation: upgrade to 5.17.3 or later (or apply vendor-provided fixes).

CVSS: 6.1 | AI score: 6 | EPSS: 0.01314
Exploits: 2 | References: 2 | Affected Software: 1