3 matches found
CVE-2021-24296
The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled...
CVE-2021-24296
Vulnerability summary (CVE-2021-24296) : The WordPress WP Customer Reviews plugin (versions prior to 3.5.6) does not sufficiently sanitize certain plugin settings. This allows high-privilege users (administrators) to inject an XSS payload, which can be triggered on pages where reviews are enabled...
CVE-2021-24296 WP Customer Reviews < 3.5.6 - Authenticated Stored Cross-Site Scripting (XSS)
The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled...