5 matches found
WordPress Customer Reviews Collector for WooCommerce plugin <= 4.6.1 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Customer Reviews Collector for WooCommerce versions = 4.6.1...
CVE-2025-12123 Customer Reviews Collector for WooCommerce <= 4.6.1 - Reflected Cross-Site Scripting
The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email-text' parameter in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
CVE-2025-12123
CVE-2025-12123 concerns the WordPress plugin Customer Reviews Collector for WooCommerce . Multiple sources confirm a reflected Cross-Site Scripting vulnerability in versions up to 4.6.1, caused by insufficient input sanitization and output escaping of the email-text parameter. The impact allows u...
PT-2025-48234
The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email-text' parameter in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
WordPress Customer Reviews Collector for WooCommerce Plugin <= 3.9 is vulnerable to Arbitrary File Upload
Software Customer Reviews Collector for WooCommerce Type Plugin Vulnerable versions = 3.9 Fixed in 4.0 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 9e0239dc9850 Credits Rafie Muhammad...