Lucene search
K

111 matches found

Nuclei
Nuclei
added 7 hours ago42 views

Site Reviews < 7.2.5 - Unauthenticated Stored XSS

Site Reviews WordPress plugin before 7.2.5 contains a stored cross-site scripting caused by improper sanitization and escaping of review fields, letting unauthenticated users execute malicious scripts, exploit requires no authentication. id: CVE-2025-1232 info: name: Site Reviews 7.2.5 -...

8.8CVSS7AI score0.01856EPSS
Exploits1References3
EUVD
EUVD
added 6 days ago6 views

EUVD-2026-42526

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'color' Shortcode Attribute in all versions up to, and including, 5.113.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS6.1AI score0.00241EPSS
Exploits0References10
Cvelist
Cvelist
added 6 days ago28 views

CVE-2026-13771 Customer Reviews for WooCommerce <= 5.113.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'color' Shortcode Attribute in all versions up to, and including, 5.113.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00241EPSS
Exploits0References10
CVE
CVE
added 2026/06/26 2:52 p.m.12 views

CVE-2026-57318

Affected software : WordPress Site Reviews plugin (

6.5CVSS5.8AI score0.00355EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.34 views

CVE-2026-57318 WordPress Site Reviews plugin <= 8.0.11 - Sensitive Data Exposure vulnerability

Subscriber Sensitive Data Exposure in Site Reviews = 8.0.11 versions...

6.5CVSS0.00355EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/24 5:33 a.m.10 views

EUVD-2026-38666

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.7AI score0.00307EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/16 9:31 a.m.7 views

EUVD-2026-23207

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, and including, 5.101.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS5.9AI score0.00328EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/04/13 9:58 a.m.7 views

WordPress Customer Reviews for WooCommerce plugin <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter vulnerability

Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter vulnerability discovered by kai63001 in WordPress Plugin Customer Reviews for WooCommerce versions = 5.103.0...

5.3CVSS5.8AI score0.00673EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/23 10:17 a.m.6 views

WordPress WP Customer Reviews plugin <= 3.7.5 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter vulnerability

Reflected Cross-Site Scripting via 'wpcr3fname' Parameter vulnerability discovered by WordFence in WordPress Plugin WP Customer Reviews versions = 3.7.5...

7.2CVSS5.3AI score0.00255EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/07 3:21 a.m.31 views

CVE-2025-14891 Customer Reviews for WooCommerce <= 5.93.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via displayName Parameter

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayName' parameter in all versions up to, and including, 5.93.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00242EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/18 12:0 a.m.4 views

PT-2025-52188

Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social Ninja wp-social-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Ninja: from n/a through = 3.20.1...

7AI score0.00195EPSS
Exploits0References2
NVD
NVD
added 2025/12/09 4:17 p.m.3 views

CVE-2025-12705

The Social Reviews & Recommendations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the 'trimtext' function in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.00327EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/12/07 7:52 a.m.14 views

CVE-2025-12499

The Rich Shortcodes for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contents of a Google Review in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

7.2CVSS5.2AI score0.00354EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/06 9:31 a.m.4 views

EUVD-2025-201541

The Rich Shortcodes for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contents of a Google Review in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

7.2CVSS4.8AI score0.00354EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/06 6:30 a.m.6 views

EUVD-2025-201510

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 13.2.4 due to insufficient input sanitization and output escaping on Google Reviews data imported by the plugin. This makes it possible for unauthenticated...

7.2CVSS4.9AI score0.00384EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/06 12:0 a.m.8 views

PT-2025-49356

Name of the Vulnerable Software and Affected Versions Rich Shortcodes for Google Reviews plugin for WordPress versions prior to 6.8 Description The Rich Shortcodes for Google Reviews plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization...

7.2CVSS5.8AI score0.00354EPSS
Exploits0References9
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/24 1:34 p.m.6 views

Malicious code in @kvytech/medusa-plugin-product-reviews (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e7d8c065be2eaeb4187aed0dbe61de9f0f0ee2b51d61330d9211866dff01504 The package @kvytech/medusa-plugin-product-reviews was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2013-2447

Malware in sbrugna...

4.3CVSS6.2AI score0.05268EPSS
Exploits2References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-23437

Malware in sbrugna...

5.4CVSS4.8AI score0.00274EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2016-1895

Malware in sbrugna...

6.1CVSS6.3AI score0.00913EPSS
Exploits0References2
Rows per page
Query Builder