CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

107 matches found

EUVD-2026-38666

The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

4.3CVSS5.7AI score

Exploits0References6

Nuclei•added 13 hours ago•20 views

Site Reviews < 7.2.5 - Unauthenticated Stored XSS

Site Reviews WordPress plugin before 7.2.5 contains a stored cross-site scripting caused by improper sanitization and escaping of review fields, letting unauthenticated users execute malicious scripts, exploit requires no authentication. id: CVE-2025-1232 info: name: Site Reviews 7.2.5 -...

8.8CVSS7.2AI score0.01856EPSS

Exploits1References3

EUVD•added 2026/04/16 9:31 a.m.•3 views

EUVD-2026-23207

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, and including, 5.101.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to...

6.1CVSS5.9AI score0.00328EPSS

Exploits0References3

Patchstack•added 2026/04/13 9:58 a.m.•2 views

WordPress Customer Reviews for WooCommerce plugin <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter vulnerability

Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter vulnerability discovered by kai63001 in WordPress Plugin Customer Reviews for WooCommerce versions = 5.103.0...

5.3CVSS5.8AI score0.00673EPSS

Exploits0References1Affected Software1

Patchstack•added 2026/02/23 10:17 a.m.•4 views

WordPress WP Customer Reviews plugin <= 3.7.5 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter vulnerability

Reflected Cross-Site Scripting via 'wpcr3fname' Parameter vulnerability discovered by WordFence in WordPress Plugin WP Customer Reviews versions = 3.7.5...

7.2CVSS5.3AI score0.00255EPSS

Exploits0References1Affected Software1

Cvelist•added 2026/01/07 3:21 a.m.•26 views

CVE-2025-14891 Customer Reviews for WooCommerce <= 5.93.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via displayName Parameter

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayName' parameter in all versions up to, and including, 5.93.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

6.4CVSS0.00242EPSS

Exploits0References4

Positive Technologies•added 2025/12/18 12:0 a.m.•2 views

PT-2025-52188

Missing Authorization vulnerability in Mahmudul Hasan Arif WP Social Ninja wp-social-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Social Ninja: from n/a through = 3.20.1...

7AI score0.00195EPSS

Exploits0References2

NVD•added 2025/12/09 4:17 p.m.•1 views

CVE-2025-12705

The Social Reviews & Recommendations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in the 'trimtext' function in all versions up to, and including, 2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

7.2CVSS0.00315EPSS

Exploits0References6

RedhatCVE•added 2025/12/07 7:52 a.m.•9 views

CVE-2025-12499

The Rich Shortcodes for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contents of a Google Review in all versions up to, and including, 6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

7.2CVSS5.2AI score0.0034EPSS

Exploits0References1

EUVD•added 2025/12/06 9:31 a.m.•3 views

EUVD-2025-201541

7.2CVSS4.8AI score0.0034EPSS

Exploits0References4

EUVD•added 2025/12/06 6:30 a.m.•4 views

EUVD-2025-201510

The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 13.2.4 due to insufficient input sanitization and output escaping on Google Reviews data imported by the plugin. This makes it possible for unauthenticated...

7.2CVSS4.9AI score0.00377EPSS

Exploits0References5

Positive Technologies•added 2025/12/06 12:0 a.m.•3 views

PT-2025-49356

Name of the Vulnerable Software and Affected Versions Rich Shortcodes for Google Reviews plugin for WordPress versions prior to 6.8 Description The Rich Shortcodes for Google Reviews plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization...

7.2CVSS5.8AI score0.0034EPSS

Exploits0References9

OSSF Malicious Packages•added 2025/11/24 1:34 p.m.•5 views

Malicious code in @kvytech/medusa-plugin-product-reviews (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e7d8c065be2eaeb4187aed0dbe61de9f0f0ee2b51d61330d9211866dff01504 The package @kvytech/medusa-plugin-product-reviews was found to contain malicious code. Source: ghsa-malware...

6.9AI score

Exploits0References4

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2016-1895

Malware in sbrugna...

6.1CVSS6.3AI score0.00913EPSS

Exploits0References2

EUVD•added 2025/10/07 12:30 a.m.•6 views

EUVD-2013-2447

Malware in sbrugna...

4.3CVSS6.2AI score0.05268EPSS

Exploits2References8