Lucene search
K

111 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-31413

Malicious code in bioql PyPI...

6.1CVSS6.5AI score0.00116EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-46458

Malicious code in bioql PyPI...

6.4CVSS6.4AI score0.00375EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2025-6715

Malicious code in bioql PyPI...

8.8CVSS8.7AI score0.01856EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-12181

Malicious code in bioql PyPI...

8.8CVSS8.6AI score0.01125EPSS
Exploits1References1
NVD
NVD
added 2025/09/27 7:15 a.m.9 views

CVE-2025-9899

The Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the feedsave function. This makes it possible for...

6.1CVSS0.00116EPSS
Exploits0References2
CVE
CVE
added 2025/09/27 6:47 a.m.27 views

CVE-2025-9899

The Trust Reviews plugin for WordPress (Trust Reviews) is vulnerable to Cross-Site Request Forgery in versions up to 1.0 due to missing nonce validation in feed_save. This could let unauthenticated attackers forge requests to create or modify feed entries by tricking a site administrator. Accordi...

6.1CVSS4.9AI score0.00116EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/27 6:47 a.m.13 views

CVE-2025-9899 Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms <= 1.0 - Cross-Site Request Forgery

The Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the feedsave function. This makes it possible for...

6.1CVSS0.00116EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/09/27 12:0 a.m.4 views

WordPress plugin The Trust Reviews plugin for Google Tripadvisor Yelp Airbnb and other platforms 跨站请求伪造漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

6.1CVSS6.2AI score0.00116EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/09/22 12:0 a.m.3 views

WordPress plugin Trustpilot Reviews 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.2AI score0.00244EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/07/31 12:0 a.m.12 views

PT-2025-31473 · WordPress · Customer Reviews For Woocommerce

Name of the Vulnerable Software and Affected Versions: Customer Reviews for WooCommerce plugin for WordPress versions prior to 5.80.3 Description: The Customer Reviews for WooCommerce plugin for WordPress is susceptible to Stored Cross-Site Scripting through the author parameter. Insufficient inp...

6.4CVSS6.1AI score0.0028EPSS
Exploits0References9
NVD
NVD
added 2025/07/16 7:15 a.m.5 views

CVE-2025-5845

The Affiliate Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘numColumns’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS0.00225EPSS
Exploits0References4
CVE
CVE
added 2025/07/16 6:40 a.m.22 views

CVE-2025-5845

The CVE-2025-5845 entry concerns the WordPress Affiliate Reviews plugin. A stored cross-site scripting (XSS) flaw exists in the numColumns parameter for all versions up to 1.0.6 due to insufficient input sanitization and output escaping. Exploitation requires authenticated access at Contributor l...

6.4CVSS5.6AI score0.00225EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/07/16 6:40 a.m.9 views

CVE-2025-5845 Affiliate Reviews <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via numColumns Parameter

The Affiliate Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘numColumns’ parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

6.4CVSS0.00225EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/07/16 12:0 a.m.4 views

PT-2025-29707 · WordPress · Affiliate Reviews

Name of the Vulnerable Software and Affected Versions: Affiliate Reviews plugin for WordPress versions up to and including 1.0.6 Description: The Affiliate Reviews plugin for WordPress is susceptible to Stored Cross-Site Scripting through the numColumns parameter. Insufficient input sanitization...

6.4CVSS5.8AI score0.00225EPSS
Exploits0References7
Cvelist
Cvelist
added 2025/07/08 5:23 a.m.20 views

CVE-2025-7327 Widget for Google Reviews <= 1.0.15 - Authenticated (Subscriber+) Directory Traversal to Local File Inclusion

The Widget for Google Reviews plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.0.15 via the layout parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the...

8.8CVSS0.00785EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/07/08 12:0 a.m.17 views

PT-2025-28334 · WordPress · Widgets For Google Reviews

Name of the Vulnerable Software and Affected Versions: The Widget for Google Reviews plugin for WordPress versions up to, and including, 1.0.15 Description: The issue allows authenticated attackers with Subscriber-level access and above to include and execute arbitrary PHP files on the server via...

8.8CVSS7.4AI score0.00785EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 10:18 a.m.7 views

CVE-2024-3731

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS6.4AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:9 a.m.5 views

CVE-2024-3050

The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking...

9.1CVSS6.7AI score0.00565EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:40 a.m.8 views

CVE-2023-0079

The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site...

5.4CVSS6AI score0.00534EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:0 a.m.4 views

CVE-2023-1525

The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.3AI score0.00501EPSS
Exploits2References1
Rows per page
Query Builder