Lucene search

34 matches found

Nuclei
added 3 hours ago · 18 views

Site Reviews < 7.2.5 - Unauthenticated Stored XSS

Site Reviews WordPress plugin before 7.2.5 contains a stored cross-site scripting vulnerability caused by improper sanitization and escaping of review fields, letting unauthenticated users execute malicious scripts; exploitation requires no authentication. id: CVE-2025-1232 info: name: Site Reviews 7.2.5 -...

CVSS 8.8 · AI score 7.2 · EPSS 0.01778
Exploits: 1 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-6715

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.7 · EPSS 0.01778
Exploits: 1 · References: 2

RedhatCVE
added 2025/05/23 9:9 a.m. · 3 views

CVE-2024-3050

The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking...

CVSS 9.1 · AI score 6.7 · EPSS 0.00565
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/23 3:0 a.m. · 2 views

CVE-2023-1525

The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...

CVSS 4.8 · AI score 5.3 · EPSS 0.00501
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/23 2:27 a.m. · 2 views

CVE-2023-27612

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions...

CVSS 6.5 · AI score 5.1 · EPSS 0.00343
Exploits: 0 · References: 1

Patchstack
added 2025/03/19 8:1 a.m. · 3 views

WordPress Site Reviews plugin < 7.2.5 - Unauthenticated Stored XSS vulnerability

Unauthenticated Stored XSS vulnerability discovered by Dmitrii Ignatyev in WordPress Plugin Site Reviews (versions < 7.2.5)...

CVSS 8.8 · AI score 7.3 · EPSS 0.01778
Exploits: 1 · References: 1 · Affected Software: 1

OSV
added 2025/03/19 6:15 a.m. · 1 view

CVE-2025-1232

The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks...

CVSS 8.8 · AI score 7.3 · EPSS 0.01778
Exploits: 1 · References: 1

CNNVD
added 2025/03/19 12:0 a.m. · 2 views

WordPress plugin Site Reviews security vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 8.8 · AI score 7.4 · EPSS 0.01778
Exploits: 1 · References: 1

Positive Technologies
added 2025/03/19 12:0 a.m. · 2 views

PT-2025-11664 · Unknown · Site Reviews

Name of the Vulnerable Software and Affected Versions: Site Reviews WordPress plugin versions prior to 7.2.5 Description: The issue concerns the Site Reviews WordPress plugin, which does not properly sanitise and escape some of its review fields. This could allow unauthenticated users to perform...

CVSS 8.8 · AI score 9 · EPSS 0.01778
Exploits: 1 · References: 10

Cvelist
added 2024/12/09 11:30 a.m. · 16 views

CVE-2023-49832 WordPress Site Reviews plugin <= 6.10.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Gemini Labs Site Reviews site-reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Site Reviews: from n/a through <= 6.10.2...

CVSS 5.3 · EPSS 0.00476
Exploits: 0 · References: 1

CVE
added 2024/12/09 11:30 a.m. · 36 views

CVE-2023-49832

CVE-2023-49832 affects the WordPress Site Reviews plugin, specifically vulnerable

CVSS 5.3 · AI score 5.8 · EPSS 0.00476
Exploits: 0 · References: 1

CNNVD
added 2024/12/09 12:0 a.m. · 3 views

WordPress plugin Site Reviews security vulnerability

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in WordPress...

CVSS 4.3 · AI score 7.9 · EPSS 0.00385
Exploits: 0 · References: 1

OSV
added 2024/05/29 6:18 a.m. · 2 views

CVE-2024-3050

The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking...

CVSS 9.1 · AI score 5.8 · EPSS 0.00565
Exploits: 2 · References: 1

Positive Technologies
added 2024/05/29 12:0 a.m. · 5 views

PT-2024-23426 · WordPress · Site Reviews

Name of the Vulnerable Software and Affected Versions: Site Reviews WordPress plugin versions prior to 7.0.0 Description: The issue allows an attacker to manipulate client IP addresses retrieved from potentially untrusted headers, which can be used to bypass IP-based blocking. Recommendations: Fo...

CVSS 9.1 · AI score 7.1 · EPSS 0.00565
Exploits: 2 · References: 4

CVE
added 2024/03/13 3:27 p.m. · 41 views

CVE-2024-2293

CVE-2024-2293 is a Stored XSS in the Site Reviews WordPress plugin (all versions ≤ 6.11.4) via the user display name. Exploitation requires authenticated access (subscriber+) and can inject scripts executed on pages viewed by users. Patch/update to WordPress Site Reviews 6.11.7 or later (per the ...

CVSS 6.4 · AI score 6.1 · EPSS 0.00551
Exploits: 0 · References: 3

Vulnrichment
added 2023/11/07 4:11 p.m. · 12 views

CVE-2022-46801 WordPress Site Reviews plugin <= 6.2.0 - Unauth. CSV Injection vulnerability

A vulnerability in Gemini Labs Site Reviews site-reviews. This issue affects Site Reviews: from n/a through <= 6.2.0...

CVSS 6.1 · AI score 8.6 · EPSS 0.00702
Exploits: 0 · References: 1

Cvelist
added 2023/11/07 4:11 p.m. · 23 views

CVE-2022-46801 WordPress Site Reviews Plugin <= 6.2.0 is vulnerable to CSV Injection

Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews. This issue affects Site Reviews: from n/a through 6.2.0...

CVSS 6.1 · AI score 9.7 · EPSS 0.00702
Exploits: 0 · References: 1

OSV
added 2023/06/22 8:15 a.m. · 2 views

CVE-2023-27612

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions...

CVSS 5.4 · AI score 5.8 · EPSS 0.00343
Exploits: 0 · References: 1

OSV
added 2023/06/22 8:15 a.m. · 3 views

CVE-2023-27629

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions...

CVSS 5.4 · AI score 5.8 · EPSS 0.00352
Exploits: 0 · References: 1

NVD
added 2023/06/22 8:15 a.m. · 10 views

CVE-2023-27612

Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions...

CVSS 6.5 · AI score 5.8 · EPSS 0.00343
Exploits: 0 · References: 1