25 matches found
EUVD-2021-23437
Malware in sbrugna...
EUVD-2021-11665
Malware in sbrugna...
CVE-2021-24753
The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue...
CVE-2019-25216 Rich Reviews <= 1.7.4 - Stored Cross-Site Scripting
The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body 'update' parameter in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2019-25216 Rich Reviews <= 1.7.4 - Stored Cross-Site Scripting
The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body 'update' parameter in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2021-36861
Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews...
CVE-2021-36861
Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews...
CVE-2021-36861 WordPress Rich Reviews by Starfish plugin <= 1.9.14 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews...
CVE-2021-36861 WordPress Rich Reviews by Starfish plugin <= 1.9.14 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews...
CVE-2021-36861
CVE-2021-36861 affects WordPress Rich Reviews by Starfish plugin versions <= 1.9.14. The issue is a Cross-Site Request Forgery (CSRF) that can let an attacker delete reviews. Concrete exploitation details are not provided in the documents; there is no explicit mention of in‑the‑wild exploits. ...
WordPress plugin Rich Reviews by Starfish cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2022-10583 · Starfish · The Rich Reviews By Starfish
Name of the Vulnerable Software and Affected Versions: Rich Reviews by Starfish plugin versions <= 1.9.14. Description: A Cross-Site Request Forgery (CSRF) issue allows an attacker to delete reviews. Recommendations: For Rich Reviews by Starfish plugin versions <= 1.9.14, update to a version higher th...
WordPress Rich Reviews by Starfish plugin <= 1.9.14 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to review deletion discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Rich Reviews by Starfish plugin versions <= 1.9.14. Solution: No patched version available...
Rich Reviews <= 1.9.15 - Arbitrary Reviews Deletion via CSRF
The plugin does not have a CSRF check in place when deleting reviews, which could allow attackers to make a logged-in admin delete them via a CSRF attack...
WordPress Rich Reviews by Starfish plugin SQL injection vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Rich Reviews by Starfish plugin in...
CVE-2021-24753
The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue...
CVE-2021-24753
The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue...
CVE-2021-24753 Rich Reviews by Starfish < 1.9.6 - Admin+ SQL Injection
The Rich Reviews by Starfish WordPress plugin before 1.9.6 does not properly validate the orderby GET parameter of the pending reviews page before using it in a SQL statement, leading to an authenticated SQL injection issue...
WordPress and WordPress plugin SQL injection vulnerability
WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Rich Reviews by Starfish plugin in...