111 matches found
EUVD-2025-31413
Malicious code in bioql PyPI...
EUVD-2024-46458
Malicious code in bioql PyPI...
EUVD-2025-6715
Malicious code in bioql PyPI...
EUVD-2023-12181
Malicious code in bioql PyPI...
CVE-2025-9899
The Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the feedsave function. This makes it possible for...
CVE-2025-9899
The Trust Reviews plugin for WordPress (Trust Reviews) is vulnerable to Cross-Site Request Forgery in versions up to 1.0 due to missing nonce validation in feed_save. This could let unauthenticated attackers forge requests to create or modify feed entries by tricking a site administrator. Accordi...
CVE-2025-9899 Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms <= 1.0 - Cross-Site Request Forgery
The Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the feedsave function. This makes it possible for...
WordPress plugin The Trust Reviews plugin for Google Tripadvisor Yelp Airbnb and other platforms 跨站请求伪造漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...
WordPress plugin Trustpilot Reviews 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-31473 · WordPress · Customer Reviews For Woocommerce
Name of the Vulnerable Software and Affected Versions: Customer Reviews for WooCommerce plugin for WordPress versions prior to 5.80.3 Description: The Customer Reviews for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through the author parameter. Insufficient inp...
CVE-2025-5845
The Affiliate Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘numColumns’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
CVE-2025-5845
The CVE-2025-5845 entry concerns the WordPress Affiliate Reviews plugin. A stored cross-site scripting (XSS) flaw exists in the numColumns parameter for all versions up to 1.0.6 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contributor l...
CVE-2025-5845 Affiliate Reviews <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via numColumns Parameter
The Affiliate Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘numColumns’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
PT-2025-29707 · WordPress · Affiliate Reviews
Name of the Vulnerable Software and Affected Versions: Affiliate Reviews plugin for WordPress versions up to and including 1.0.6 Description: The Affiliate Reviews plugin for WordPress is susceptible to Stored Cross-Site Scripting through the numColumns parameter. Insufficient input sanitization...
CVE-2025-7327 Widget for Google Reviews <= 1.0.15 - Authenticated (Subscriber+) Directory Traversal to Local File Inclusion
The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the...
PT-2025-28334 · WordPress · Widgets For Google Reviews
Name of the Vulnerable Software and Affected Versions: The Widget for Google Reviews plugin for WordPress versions up to, and including, 1.0.15 Description: The issue allows authenticated attackers with Subscriber-level access and above to include and execute arbitrary PHP files on the server via...
CVE-2024-3731
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
CVE-2024-3050
The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking...
CVE-2023-0079
The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...
CVE-2023-1525
The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...