111 matches found
WordPress plugin 跨站脚本漏洞
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress plugin Site Reviews, which stems from the program not filtering and escaping the...
WordPress和WordPress 插件 SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the erection of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Rich Reviews by Starfish plugin in...
Site Reviews < 5.17.3 - Unauthenticated Stored Cross-Site Scripting
The plugin does not sanitise and escape the site-reviews parameter of the glsraction AJAX action available to unauthenticated and any authenticated users, allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard of the plugin...
CVE-2021-24603
The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfilteredhtml is disallowed...
WordPress Site Reviews plugin <= 5.13.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Site Reviews plugin versions = 5.13.0. Solution Update the WordPress Site Reviews plugin to the latest available version at least 5.13.1...
WordPress和WordPress 插件 SQL注入漏洞
WordPress is a blogging platform developed by the Wordpress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.Handsome Testimonials&Reviews plugin is an application plugin for WordPress. Versions of the WordPress Handsome...
WordPress 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WP Customer Reviews WordPress plugin before 3.5.6, which can ...
Unpatched Bug Under Active Attack Threatens WordPress Sites with XSS
An unpatched vulnerability in the Rich Reviews plugin for WordPress is putting an estimated 16,000 sites in danger of stored cross-site scripting XSS attacks. Sites running the plugin are vulnerable to unauthenticated plugin option updates, which can be used to deliver malware payloads; and...
WordPress wp-customer-reviews plugin cross-site request forgery vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the WordPress wp-customer-reviews plugin. An attacker can...
CVE-2016-10902
The CVE concerns the WordPress plugin wp-customer-reviews (before version 3.0.9). Multiple connected sources confirm a CSRF vulnerability in the admin tools of this plugin, with the issue described consistently across Red Hat, CNVD, CVE listings, and WP-related databases. The affected component i...
CVE-2013-2501
CVE-2013-2501 affects the Terillion Reviews WordPress plugin, specifically versions before 1.2. The vulnerability is a reflected/stored XSS via the ProfileId field in the plugin’s UI, allowing remote attackers to inject arbitrary HTML/script. Impact is an XSS risk in sites running the affected pl...