WordPress JReviews premium plugin <= 4.1.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by CraCkEr in WordPress JReviews premium plugin versions = 4.1.5. Solution No patched version is available...

JReviews <= 4.1.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting PoC https://example.com/top-user-rated-listings?listview=2%22%3e%3cscript%3ealert1%3c%2fscript%3e=1...

JReviews <= 4.1.5 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting https://example.com/top-user-rated-listings?listview=2&q%22%3e%3cscript%3ealert1%3c%2fscript%3e=1...

WordPress / Joomla JReviews 4.1.5 Cross Site Scripting

┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...