111 matches found
WordPress Plugin Ultimate Reviews 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...
CVE-2023-1525
The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-1525 Site Reviews < 6.7.1 - Admin+ Stored XSS
The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
PT-2023-17053 · WordPress · Site Reviews
Name of the Vulnerable Software and Affected Versions: Site Reviews WordPress plugin versions prior to 6.7.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in ...
CVE-2023-0424
The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks...
WordPress Site Reviews Plugin <= 6.5.1 is vulnerable to Cross Site Scripting (XSS)
Software Site Reviews Type Plugin Vulnerable versions = 6.5.1 Fixed in 6.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27629 Patch priority Low CVSS severity Low 6.5 Developer Gemini Labs PSID 45dbc55b56d9 Credits Mika Required privilege...
WordPress Site Reviews Plugin <= 6.5.0 is vulnerable to Broken Access Control
Software Site Reviews Type Plugin Vulnerable versions = 6.5.0 Fixed in 6.6.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-27625 Patch priority Low CVSS severity Low 4.3 Developer Gemini Labs PSID d9f4b2bf1ed3 Credits Rafshanzani Suhada Required privileg...
CVE-2022-45369
Auth. subscriber+ Broken Access Control vulnerability in Plugin for Google Reviews plugin = 2.2.2 on WordPress...
CVE-2022-45369
Auth. subscriber+ Broken Access Control vulnerability in Plugin for Google Reviews plugin = 2.2.2 on WordPress...
WordPress plugin Google Reviews 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2022-27478 · Unknown · Plugin For Google Reviews
Name of the Vulnerable Software and Affected Versions: Plugin for Google Reviews versions prior to 2.2.3 Description: The issue is related to a Broken Access Control vulnerability. It affects the authentication mechanism for subscribers and above, potentially allowing unauthorized access...
CVE-2022-40194
Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin = 5.3.5 at WordPress...
Improper access control
Authenticated subscriber+ Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin = 5.3.5 at WordPress...
CVE-2022-2555
The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...
PT-2022-17357 · Yotpo · Yotpo Reviews For Woocommerce
Name of the Vulnerable Software and Affected Versions: Yotpo Reviews for WooCommerce WordPress plugin versions 2.0.4 and earlier Description: The issue concerns a lack of nonce check when updating settings, which could allow an attacker to make a logged-in admin change them via a CSRF attack. Thi...
CVE-2021-36861
Cross-Site Request Forgery CSRF vulnerability in Rich Reviews by Starfish plugin = 1.9.14 at WordPress allows an attacker to delete reviews...
CVE-2021-36861 WordPress Rich Reviews by Starfish plugin <= 1.9.14 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Rich Reviews by Starfish plugin = 1.9.14 at WordPress allows an attacker to delete reviews...
CVE-2022-23979
Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability discovered in Ultimate Reviews WordPress plugin versions = 3.0.15...
WordPress plugin 跨站脚本漏洞
WordPress plugin is a WordPress application plugin. WordPress Ultimate Reviews plugin 3.0.15 and earlier versions contain a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit this vulnerability to...
CVE-2021-24973
The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsraction AJAX action available to unauthenticated and any authenticated users, allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard...