Lucene search
K

5 matches found

Patchstack
Patchstack
added 2025/11/27 9:54 a.m.5 views

WordPress Customer Reviews Collector for WooCommerce plugin <= 4.6.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Customer Reviews Collector for WooCommerce versions = 4.6.1...

6.1CVSS6.3AI score0.00175EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/11/27 5:17 a.m.11 views

CVE-2025-12123 Customer Reviews Collector for WooCommerce <= 4.6.1 - Reflected Cross-Site Scripting

The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email-text' parameter in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS0.00175EPSS
Exploits0References2
CVE
CVE
added 2025/11/27 5:17 a.m.20 views

CVE-2025-12123

CVE-2025-12123 concerns the WordPress plugin Customer Reviews Collector for WooCommerce . Multiple sources confirm a reflected Cross-Site Scripting vulnerability in versions up to 4.6.1, caused by insufficient input sanitization and output escaping of the email-text parameter. The impact allows u...

6.1CVSS5.3AI score0.00175EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/27 12:0 a.m.8 views

PT-2025-48234

The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email-text' parameter in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

6.1CVSS5.6AI score0.00175EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/11/28 12:0 a.m.14 views

WordPress Customer Reviews Collector for WooCommerce Plugin <= 3.9 is vulnerable to Arbitrary File Upload

Software Customer Reviews Collector for WooCommerce Type Plugin Vulnerable versions = 3.9 Fixed in 4.0 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 9e0239dc9850 Credits Rafie Muhammad...

8CVSS7.2AI score0.00535EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder