Site Reviews < 7.2.5 - Unauthenticated Stored XSS

Site Reviews WordPress plugin before 7.2.5 contains a stored cross-site scripting caused by improper sanitization and escaping of review fields, letting unauthenticated users execute malicious scripts, exploit requires no authentication. id: CVE-2025-1232 info: name: Site Reviews 7.2.5 -...

EUVD-2026-23207

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, and including, 5.101.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

WordPress Customer Reviews for WooCommerce plugin <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter vulnerability

Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter vulnerability discovered by kai63001 in WordPress Plugin Customer Reviews for WooCommerce versions = 5.103.0...

WordPress WP Customer Reviews plugin <= 3.7.5 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter vulnerability

Reflected Cross-Site Scripting via 'wpcr3fname' Parameter vulnerability discovered by WordFence in WordPress Plugin WP Customer Reviews versions = 3.7.5...

CVE-2025-14891 Customer Reviews for WooCommerce <= 5.93.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via displayName Parameter

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayName' parameter in all versions up to, and including, 5.93.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

PT-2025-52188

Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social Ninja wp-social-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Ninja: from n/a through = 3.20.1...

CVE-2025-12705

The Social Reviews & Recommendations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the 'trimtext' function in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2025-12499

The Rich Shortcodes for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contents of a Google Review in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

EUVD-2025-201541

The Rich Shortcodes for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contents of a Google Review in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

EUVD-2025-201510

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 13.2.4 due to insufficient input sanitization and output escaping on Google Reviews data imported by the plugin. This makes it possible for unauthenticated...

PT-2025-49356

Name of the Vulnerable Software and Affected Versions Rich Shortcodes for Google Reviews plugin for WordPress versions prior to 6.8 Description The Rich Shortcodes for Google Reviews plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization...

Malicious code in @kvytech/medusa-plugin-product-reviews (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e7d8c065be2eaeb4187aed0dbe61de9f0f0ee2b51d61330d9211866dff01504 The package @kvytech/medusa-plugin-product-reviews was found to contain malicious code. Source: ghsa-malware...

EUVD-2021-23437

Malware in sbrugna...

EUVD-2013-2447

Malware in sbrugna...

EUVD-2016-1895

Malware in sbrugna...

EUVD-2023-12181

Malicious code in bioql PyPI...

EUVD-2025-6715

Malicious code in bioql PyPI...

EUVD-2025-31413

Malicious code in bioql PyPI...

EUVD-2024-46458

Malicious code in bioql PyPI...

CVE-2025-9899

The Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the feedsave function. This makes it possible for...