111 matches found
CVE-2023-0424
The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks...
CVE-2023-27612
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Paul Ryley Site Reviews plugin = 6.5.1 versions...
CVE-2022-2555
The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...
CVE-2021-24753
The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue...
CVE-2021-4426
The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the metaboxreviewsave function. This makes it possible for unauthenticated attackers to save meta tags via a forge...
WordPress Site Reviews plugin < 7.2.5 - Unauthenticated Stored XSS vulnerability
Unauthenticated Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Site Reviews versions 7.2.5...
CVE-2025-1232
The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks...
PT-2025-11664 · Unknown · Site Reviews
Name of the Vulnerable Software and Affected Versions: Site Reviews WordPress plugin versions prior to 7.2.5 Description: The issue concerns the Site Reviews WordPress plugin, which does not properly sanitise and escape some of its review fields. This could allow unauthenticated users to perform...
WordPress plugin Site Reviews 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2020-36726
The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable...
CVE-2023-30479
Missing Authorization vulnerability in Stamped.io Stamped.io Product Reviews & UGC for WooCommerce stampedio-product-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stamped.io Product Reviews & UGC for WooCommerce: from n/a through = 2.3.2...
CVE-2023-49832
CVE-2023-49832 affects the WordPress Site Reviews plugin, specifically vulnerable
CVE-2023-49832 WordPress Site Reviews plugin <= 6.10.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in Gemini Labs Site Reviews site-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through = 6.10.2...
WordPress plugin Site Reviews 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...
CVE-2024-8965
The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Name' field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
CVE-2024-3050
The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking...
PT-2024-23426 · WordPress · Site Reviews
Name of the Vulnerable Software and Affected Versions: Site Reviews WordPress plugin versions prior to 7.0.0 Description: The issue allows an attacker to manipulate client IP addresses retrieved from potentially untrusted headers, which can be used to bypass IP-based blocking. Recommendations: Fo...
CVE-2024-5218 Reviews and Rating – Google Reviews <= 5.2 - Authenticated (Author+) Stored Cross-Site Scripting
The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
WordPress WP Customer Reviews plugin < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection vulnerability
Malicious Redirect via HTTP-EQUIV Injection vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Customer Reviews versions 3.7.1...
WordPress Plugin WP Customer Reviews 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...