Lucene search
K

111 matches found

CNNVD
CNNVD
added 2023/06/07 12:0 a.m.5 views

WordPress Plugin Ultimate Reviews 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...

9.8CVSS8.4AI score0.01566EPSS
Exploits1References4
OSV
OSV
added 2023/05/02 8:15 a.m.6 views

CVE-2023-1525

The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS6.6AI score0.00501EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/05/02 7:4 a.m.45 views

CVE-2023-1525 Site Reviews < 6.7.1 - Admin+ Stored XSS

The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5AI score0.00501EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2023/05/02 12:0 a.m.7 views

PT-2023-17053 · WordPress · Site Reviews

Name of the Vulnerable Software and Affected Versions: Site Reviews WordPress plugin versions prior to 6.7.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in ...

4.8CVSS5.3AI score0.00501EPSS
Exploits2References4
OSV
OSV
added 2023/04/24 7:15 p.m.3 views

CVE-2023-0424

The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks...

5.4CVSS6.7AI score0.00441EPSS
Exploits2References1
Patchstack
Patchstack
added 2023/03/13 12:0 a.m.15 views

WordPress Site Reviews Plugin <= 6.5.1 is vulnerable to Cross Site Scripting (XSS)

Software Site Reviews Type Plugin Vulnerable versions = 6.5.1 Fixed in 6.6.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-27629 Patch priority Low CVSS severity Low 6.5 Developer Gemini Labs PSID 45dbc55b56d9 Credits Mika Required privilege...

6.5CVSS5.8AI score0.00411EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/03/13 12:0 a.m.9 views

WordPress Site Reviews Plugin <= 6.5.0 is vulnerable to Broken Access Control

Software Site Reviews Type Plugin Vulnerable versions = 6.5.0 Fixed in 6.6.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-27625 Patch priority Low CVSS severity Low 4.3 Developer Gemini Labs PSID d9f4b2bf1ed3 Credits Rafshanzani Suhada Required privileg...

6.3AI score0.00385EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2022/11/18 11:15 p.m.20 views

CVE-2022-45369

Auth. subscriber+ Broken Access Control vulnerability in Plugin for Google Reviews plugin = 2.2.2 on WordPress...

4.3CVSS0.00497EPSS
Exploits0References1
OSV
OSV
added 2022/11/18 11:15 p.m.4 views

CVE-2022-45369

Auth. subscriber+ Broken Access Control vulnerability in Plugin for Google Reviews plugin = 2.2.2 on WordPress...

4.3CVSS5.8AI score
Exploits0References1
CNNVD
CNNVD
added 2022/11/18 12:0 a.m.4 views

WordPress plugin Google Reviews 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS5.1AI score0.00497EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/11/18 12:0 a.m.10 views

PT-2022-27478 · Unknown · Plugin For Google Reviews

Name of the Vulnerable Software and Affected Versions: Plugin for Google Reviews versions prior to 2.2.3 Description: The issue is related to a Broken Access Control vulnerability. It affects the authentication mechanism for subscribers and above, potentially allowing unauthorized access...

4.3CVSS4.5AI score0.00497EPSS
Exploits0References3
OSV
OSV
added 2022/09/23 4:15 p.m.4 views

CVE-2022-40194

Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin = 5.3.5 at WordPress...

7.5CVSS5.8AI score0.00724EPSS
Exploits0References2
Prion
Prion
added 2022/09/23 4:15 p.m.14 views

Improper access control

Authenticated subscriber+ Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin = 5.3.5 at WordPress...

6.5CVSS8.6AI score0.00796EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/08/22 3:15 p.m.2 views

CVE-2022-2555

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...

6.5CVSS6.6AI score0.00369EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.5 views

PT-2022-17357 · Yotpo · Yotpo Reviews For Woocommerce

Name of the Vulnerable Software and Affected Versions: Yotpo Reviews for WooCommerce WordPress plugin versions 2.0.4 and earlier Description: The issue concerns a lack of nonce check when updating settings, which could allow an attacker to make a logged-in admin change them via a CSRF attack. Thi...

6.5CVSS6.2AI score0.00369EPSS
Exploits1References4
NVD
NVD
added 2022/08/05 4:15 p.m.25 views

CVE-2021-36861

Cross-Site Request Forgery CSRF vulnerability in Rich Reviews by Starfish plugin = 1.9.14 at WordPress allows an attacker to delete reviews...

5.4CVSS0.00274EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/08/05 3:8 p.m.9 views

CVE-2021-36861 WordPress Rich Reviews by Starfish plugin <= 1.9.14 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Rich Reviews by Starfish plugin = 1.9.14 at WordPress allows an attacker to delete reviews...

5.4CVSS5.5AI score0.00274EPSS
Exploits0References2
OSV
OSV
added 2022/01/28 8:15 p.m.3 views

CVE-2022-23979

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability discovered in Ultimate Reviews WordPress plugin versions = 3.0.15...

4.8CVSS5.8AI score0.00565EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/01/28 12:0 a.m.6 views

WordPress plugin 跨站脚本漏洞

WordPress plugin is a WordPress application plugin. WordPress Ultimate Reviews plugin 3.0.15 and earlier versions contain a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit this vulnerability to...

4.8CVSS5.2AI score0.00565EPSS
Exploits0References2
OSV
OSV
added 2022/01/03 1:15 p.m.4 views

CVE-2021-24973

The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsraction AJAX action available to unauthenticated and any authenticated users, allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard...

6.1CVSS6.4AI score0.01314EPSS
Exploits2References2
Rows per page
Query Builder