Lucene search
K

111 matches found

CNNVD
CNNVD
added 2022/01/03 12:0 a.m.7 views

WordPress plugin 跨站脚本漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Site Reviews, which stems from the program not filtering and escaping the...

6.1CVSS5.3AI score0.01314EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/12/27 12:0 a.m.5 views

WordPress和WordPress 插件 SQL注入漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Rich Reviews by Starfish plugin in...

7.2CVSS6AI score0.01497EPSS
Exploits2References2
wpexploit
wpexploit
added 2021/12/06 12:0 a.m.372 views

Site Reviews < 5.17.3 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape the site-reviews parameter of the glsraction AJAX action available to unauthenticated and any authenticated users, allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard of the plugin...

6.1CVSS0.01314EPSS
Exploits2References1
OSV
OSV
added 2021/09/06 11:15 a.m.7 views

CVE-2021-24603

The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfilteredhtml is disallowed...

5.4CVSS5.8AI score0.00624EPSS
Exploits2References1
Patchstack
Patchstack
added 2021/08/09 12:0 a.m.17 views

WordPress Site Reviews plugin <= 5.13.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Site Reviews plugin versions = 5.13.0. Solution Update the WordPress Site Reviews plugin to the latest available version at least 5.13.1...

5.4CVSS2.4AI score0.00624EPSS
Exploits2References3Affected Software1
CNNVD
CNNVD
added 2021/08/02 12:0 a.m.4 views

WordPress和WordPress 插件 SQL注入漏洞

WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Handsome Testimonials&Reviews plugin is an application plugin for WordPress. Versions of the WordPress Handsome...

8.8CVSS6.1AI score0.01599EPSS
Exploits2References2
CNNVD
CNNVD
added 2021/05/24 12:0 a.m.3 views

WordPress 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WP Customer Reviews WordPress plugin before 3.5.6, which can ...

4.8CVSS5.4AI score0.00617EPSS
Exploits2References1
ThreatPost
ThreatPost
added 2019/09/25 4:28 p.m.108 views

Unpatched Bug Under Active Attack Threatens WordPress Sites with XSS

An unpatched vulnerability in the Rich Reviews plugin for WordPress is putting an estimated 16,000 sites in danger of stored cross-site scripting XSS attacks. Sites running the plugin are vulnerable to unauthenticated plugin option updates, which can be used to deliver malware payloads; and...

8.8AI score0.62119EPSS
Exploits0References6
CNVD
CNVD
added 2019/08/23 12:0 a.m.6 views

WordPress wp-customer-reviews plugin cross-site request forgery vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress wp-customer-reviews plugin. An attacker can...

8.8CVSS6.7AI score0.0068EPSS
Exploits0References1
CVE
CVE
added 2019/08/21 12:45 p.m.36 views

CVE-2016-10902

The CVE concerns the WordPress plugin wp-customer-reviews (before version 3.0.9). Multiple connected sources confirm a CSRF vulnerability in the admin tools of this plugin, with the issue described consistently across Red Hat, CNVD, CVE listings, and WP-related databases. The affected component i...

8.8CVSS8.7AI score0.0068EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2013/03/22 9:0 p.m.54 views

CVE-2013-2501

CVE-2013-2501 affects the Terillion Reviews WordPress plugin, specifically versions before 1.2. The vulnerability is a reflected/stored XSS via the ProfileId field in the plugin’s UI, allowing remote attackers to inject arbitrary HTML/script. Impact is an XSS risk in sites running the affected pl...

4.3CVSS5.9AI score0.05268EPSS
Exploits2References7Affected Software1
Rows per page
Query Builder