Lucene search
K

23 matches found

NVD
NVD
added 9 hours ago5 views

CVE-2026-13015

The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, 18.1. This is due to insufficient input sanitization and output escaping in admin/partials/googlecrawldfs.php, where the $GET'place'...

6.1CVSS
Exploits0References5
EUVD
EUVD
added 11 hours ago4 views

EUVD-2026-40896

The Wp Google Places Review Slider plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'place' parameter in versions up to, and including, 18.1. This is due to insufficient input sanitization and output escaping in admin/partials/googlecrawldfs.php, where the $GET'place'...

6.1CVSS5.9AI score
Exploits0References5
CVE
CVE
added 11 hours ago8 views

CVE-2026-13015

The CVE-2026-13015 entry applies to the WordPress plugin “Wp Google Places Review Slider” (versions up to and including 18.1). The vulnerability is a Reflected Cross-Site Scripting (XSS) in admin/partials/googlecrawl_dfs.php via the 'place' GET parameter. The value from $_GET['place'] is URL-deco...

6.1CVSS5.9AI score
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-25053

Malicious code in bioql PyPI...

4.8CVSS5.1AI score0.0071EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2025-11570

Malicious code in bioql PyPI...

7.1CVSS7.7AI score0.00127EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:17 p.m.8 views

CVE-2022-1772

The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...

4.8CVSS6.5AI score0.0071EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/04/25 4:6 p.m.8 views

CVE-2025-39442

Cross-Site Request Forgery CSRF vulnerability in MessageMetric Review Wave – Google Places Reviews review-wave-google-places-reviews allows Stored XSS.This issue affects Review Wave – Google Places Reviews: from n/a through = 1.4.7...

7.1CVSS7.2AI score0.00127EPSS
Exploits0References1
NVD
NVD
added 2025/04/17 4:15 p.m.15 views

CVE-2025-39442

Cross-Site Request Forgery CSRF vulnerability in MessageMetric Review Wave – Google Places Reviews review-wave-google-places-reviews allows Stored XSS.This issue affects Review Wave – Google Places Reviews: from n/a through = 1.4.7...

7.1CVSS0.00127EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/04/17 3:16 p.m.8 views

CVE-2025-39442 WordPress Review Wave – Google Places Reviews plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in MessageMetric Review Wave – Google Places Reviews allows Stored XSS. This issue affects Review Wave – Google Places Reviews: from n/a through 1.4.7...

7.1CVSS6.8AI score0.00127EPSS
Exploits0References1
CVE
CVE
added 2025/04/17 3:16 p.m.53 views

CVE-2025-39442

CVE-2025-39442 affects the WordPress plugin Review Wave – Google Places Reviews (Review Wave – Google Places Reviews) up to version 1.4.7. The issue is a Cross-Site Request Forgery (CSRF) vulnerability that enables Stored XSS, with CVSS v3.1 base score 7.1 (High). Public references in the provide...

7.1CVSS7.2AI score0.00127EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/04/17 9:36 a.m.7 views

WordPress Review Wave – Google Places Reviews plugin <= 1.4.7 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by johska Patchstack Alliance in WordPress Plugin Review Wave – Google Places Reviews versions = 1.4.7...

7.1CVSS8.2AI score0.00127EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/04/17 12:0 a.m.2 views

WordPress plugin Review Wave – Google Places Reviews 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on servers running PHP and MySQL. WordPress plugin is an application...

7.1CVSS7AI score0.00127EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/04/17 12:0 a.m.3 views

PT-2025-17009 · Unknown · Review Wave – Google Places Reviews

Name of the Vulnerable Software and Affected Versions: Review Wave – Google Places Reviews versions 1.4.7 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on the...

7.1CVSS7.3AI score0.00127EPSS
Exploits0References3
CNVD
CNVD
added 2022/06/15 12:0 a.m.20 views

WordPress Google Places Reviews plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS4.8AI score0.0071EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/06/13 1:15 p.m.4 views

CVE-2022-1772

The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...

4.8CVSS5.8AI score0.0071EPSS
Exploits2References2
NVD
NVD
added 2022/06/13 1:15 p.m.28 views

CVE-2022-1772

The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...

4.8CVSS0.0071EPSS
Exploits2References1
OSV
OSV
added 2022/06/13 1:15 p.m.4 views

CVE-2022-1772

The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...

4.8CVSS5.8AI score0.0071EPSS
Exploits2References1
Cvelist
Cvelist
added 2022/06/13 12:42 p.m.27 views

CVE-2022-1772 Google Places Review < 2.0.0 - Admin+ Stored Cross Site Scripting

The Google Places Reviews WordPress plugin before 2.0.0 does not properly escape its Google API key setting, which is reflected on the site's administration panel. A malicious administrator could abuse this bug, in a multisite WordPress configuration, to trick super-administrators into viewing th...

5.3AI score0.0071EPSS
Exploits2References1
CVE
CVE
added 2022/06/13 12:42 p.m.2160 views

CVE-2022-1772

CVE-2022-1772 affects the WordPress Google Places Reviews plugin before 2.0.0. It is a stored cross-site scripting (XSS) vulnerability caused by not properly escaping the Google API key setting, which is exposed in the admin panel. In multisite WordPress deployments, a malicious administrator cou...

4.8CVSS4.9AI score0.0071EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/06/13 12:0 a.m.4 views

WordPress plugin Google Places Reviews 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

4.8CVSS5.3AI score0.0071EPSS
Exploits2References2
Rows per page
Query Builder