Lucene search
K

111 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:52 a.m.5 views

CVE-2023-0424

The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks...

5.4CVSS5.7AI score0.00441EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:27 a.m.4 views

CVE-2023-27612

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Paul Ryley Site Reviews plugin = 6.5.1 versions...

6.5CVSS5.1AI score0.00401EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:6 a.m.6 views

CVE-2022-2555

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...

6.5CVSS6.8AI score0.00369EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:3 p.m.7 views

CVE-2021-24753

The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue...

7.2CVSS7.4AI score0.01497EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:50 p.m.5 views

CVE-2021-4426

The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the metaboxreviewsave function. This makes it possible for unauthenticated attackers to save meta tags via a forge...

4.3CVSS5.8AI score0.005EPSS
Exploits1References1
Patchstack
Patchstack
added 2025/03/19 8:1 a.m.5 views

WordPress Site Reviews plugin < 7.2.5 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Site Reviews versions 7.2.5...

8.8CVSS7.3AI score0.01856EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/03/19 6:15 a.m.3 views

CVE-2025-1232

The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks...

8.8CVSS7.3AI score0.01856EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/03/19 12:0 a.m.6 views

PT-2025-11664 · Unknown · Site Reviews

Name of the Vulnerable Software and Affected Versions: Site Reviews WordPress plugin versions prior to 7.2.5 Description: The issue concerns the Site Reviews WordPress plugin, which does not properly sanitise and escape some of its review fields. This could allow unauthenticated users to perform...

8.8CVSS9AI score0.01856EPSS
Exploits1References10
CNNVD
CNNVD
added 2025/03/19 12:0 a.m.4 views

WordPress plugin Site Reviews 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...

8.8CVSS7.4AI score0.01856EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:7 p.m.9 views

CVE-2020-36726

The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable...

9.8CVSS7.3AI score0.01566EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2024/12/09 1:15 p.m.6 views

CVE-2023-30479

Missing Authorization vulnerability in Stamped.io Stamped.io Product Reviews & UGC for WooCommerce stampedio-product-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stamped.io Product Reviews & UGC for WooCommerce: from n/a through = 2.3.2...

5.3CVSS5.8AI score0.00486EPSS
Exploits0References3
CVE
CVE
added 2024/12/09 11:30 a.m.38 views

CVE-2023-49832

CVE-2023-49832 affects the WordPress Site Reviews plugin, specifically vulnerable

5.3CVSS5.8AI score0.00485EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/09 11:30 a.m.17 views

CVE-2023-49832 WordPress Site Reviews plugin <= 6.10.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Gemini Labs Site Reviews site-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through = 6.10.2...

5.3CVSS0.00485EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.4 views

WordPress plugin Site Reviews 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

4.3CVSS7.9AI score0.00385EPSS
Exploits0References1
NVD
NVD
added 2024/09/27 6:15 a.m.12 views

CVE-2024-8965

The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Name' field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00295EPSS
Exploits0References2
OSV
OSV
added 2024/05/29 6:18 a.m.5 views

CVE-2024-3050

The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking...

9.1CVSS5.8AI score0.00565EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/05/29 12:0 a.m.8 views

PT-2024-23426 · WordPress · Site Reviews

Name of the Vulnerable Software and Affected Versions: Site Reviews WordPress plugin versions prior to 7.0.0 Description: The issue allows an attacker to manipulate client IP addresses retrieved from potentially untrusted headers, which can be used to bypass IP-based blocking. Recommendations: Fo...

9.1CVSS7.1AI score0.00565EPSS
Exploits2References4
Cvelist
Cvelist
added 2024/05/25 3:30 a.m.33 views

CVE-2024-5218 Reviews and Rating – Google Reviews <= 5.2 - Authenticated (Author+) Stored Cross-Site Scripting

The Reviews and Rating – Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's file upload feature in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

6.4CVSS6AI score0.00375EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/04/15 1:11 p.m.5 views

WordPress WP Customer Reviews plugin < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection vulnerability

Malicious Redirect via HTTP-EQUIV Injection vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin WP Customer Reviews versions 3.7.1...

5.4CVSS8.7AI score0.00495EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2024/04/15 12:0 a.m.5 views

WordPress Plugin WP Customer Reviews 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

5.4CVSS8.1AI score0.00495EPSS
Exploits2References2
Rows per page
Query Builder