EUVD-2025-13315

Malicious code in bioql PyPI...

CVE-2025-8942

Summary (CVE-2025-8942): The WP Hotel Booking WordPress plugin (versions prior to 2.2.3) contains a server-side input-validation flaw in review ratings that lets an attacker modify rating values by intercepting requests. Public references and Red Hat advisories confirm the issue and indicate a pa...

CVE-2025-4170

The Xavin's Review Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xrr' shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

CVE-2025-4170

The Xavins Review Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xrr' shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-4170 Xavin's Review Ratings <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Xavins Review Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xrr' shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-4170 Xavin's Review Ratings <= 1.4.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Xavins Review Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'xrr' shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2025-4170

CVE-2025-4170 — Xavin's Review Ratings (WordPress) Vulnerability: Stored Cross-Site Scripting via the plugin's xrr shortcode in all versions up to 1.4.0, caused by insufficient input sanitization and output escaping on user-supplied attributes. Affected product: Xavin's Review Ratings plugin for ...

WordPress plugin Xavins Review Ratings 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...

PT-2025-18931 · WordPress · Xavin'S Review Ratings

Name of the Vulnerable Software and Affected Versions: Xavin's Review Ratings plugin for WordPress versions up to, and including, 1.4.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'xrr' shortcode due to insufficient input sanitization and output escaping on...

CVE-2024-8052

The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-8052 Review Ratings <= 1.6 - Stored XSS via CSRF

The Review Ratings WordPress plugin through 1.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-8052

CVE-2024-8052 affects the Review Ratings WordPress plugin (versions ≤ 1.6). The vulnerability enables a Stored XSS via a CSRF flaw caused by missing CSRF checks and insufficient sanitisation/escaping in multiple areas. If a logged-in admin user performs actions triggering these endpoints, an atta...

WordPress plugin Review Ratings 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in WordPres...

WordPress Review Ratings plugin <= 1.6 - Stored XSS via CSRF vulnerability

Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Plugin Review Ratings versions = 1.6...

WordPress Review Ratings Plugin <= 1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Review Ratings Type Plugin Vulnerable versions = 1.6 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8052 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 2dc8272f9c64 Credits Daniel Ruf Required...