CVE-2026-33135

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the novomemorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without...

EUVD-2026-13680

WeGIA is a web manager for charitable institutions. Versions 3.6.6 and below have a Reflected Cross-Site Scripting XSS vulnerability in the novomemorandoo.php endpoint. An attacker can inject arbitrary JavaScript into the sccs GET parameter, which is directly echoed into the HTML response without...

WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Sensitive Data Exposure

Software WP Customer Reviews Type Plugin Vulnerable versions = 3.6.6 Fixed in 3.6.7 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-4686 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 07af2f4a4fb5 Credits Marco Wotschka Required...

WordPress WP Customer Reviews Plugin <= 3.6.6 is vulnerable to Cross Site Scripting (XSS)

Software WP Customer Reviews Type Plugin Vulnerable versions = 3.6.6 Fixed in 3.6.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4648 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 36513c06abe2 Credits Marco Wotschka...