117 matches found
Site Reviews < 7.2.5 - Unauthenticated Stored XSS
Site Reviews WordPress plugin before 7.2.5 contains a stored cross-site scripting caused by improper sanitization and escaping of review fields, letting unauthenticated users execute malicious scripts, exploit requires no authentication. id: CVE-2025-1232 info: name: Site Reviews 7.2.5 -...
CVE-2026-57318
Subscriber Sensitive Data Exposure in Site Reviews = 8.0.11 versions...
EUVD-2026-39731
Subscriber Sensitive Data Exposure in Site Reviews = 8.0.11 versions...
CVE-2026-57318 WordPress Site Reviews plugin <= 8.0.11 - Sensitive Data Exposure vulnerability
Subscriber Sensitive Data Exposure in Site Reviews = 8.0.11 versions...
CVE-2026-57318
Affected software : WordPress Site Reviews plugin (
CVE-2023-49832
Missing Authorization vulnerability in Gemini Labs Site Reviews site-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through = 6.10.2...
CVE-2025-1232
The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks...
EUVD-2018-1413
Malware in sbrugna...
EUVD-2021-11885
Malware in sbrugna...
EUVD-2023-53740
Malicious code in bioql PyPI...
EUVD-2024-26134
Malicious code in bioql PyPI...
EUVD-2022-49583
Malicious code in bioql PyPI...
EUVD-2023-23769
Malicious code in bioql PyPI...
EUVD-2025-6715
Malicious code in bioql PyPI...
EUVD-2023-31361
Malicious code in bioql PyPI...
EUVD-2023-31365
Malicious code in bioql PyPI...
EUVD-2023-31348
Malicious code in bioql PyPI...
CVE-2024-2293
The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and abov...
CVE-2024-3050
The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking...
CVE-2024-29095
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gemini Labs Site Reviews site-reviews.This issue affects Site Reviews: from n/a through = 6.11.6...