12 matches found
WordPress Widgets For Google Reviews Cross-Site Scripting Vulnerability
WordPress Widgets For Google Reviews is a category of WordPress plugins designed to help webmasters easily display Google Business Reviews Google reviews on their websites. WordPress Widgets For Google Reviews suffers from a cross-site scripting vulnerability that stems from stored cross-site...
CVE-2025-9436
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's trustindex shortcode in all versions up to, and including, 13.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9436
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's trustindex shortcode in all versions up to, and including, 13.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9436 Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's trustindex shortcode in all versions up to, and including, 13.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9436 Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's trustindex shortcode in all versions up to, and including, 13.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-9436
CVE-2025-9436 affects the WordPress plugin “Widgets for Google Reviews” (trustindex shortcode). All versions up to 13.2.1 are vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authenticated acces...
EUVD-2025-202662
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's trustindex shortcode in all versions up to, and including, 13.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress Widgets for Google Reviews plugin <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via trustindex Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Widgets for Google Reviews versions = 13.2.1...
PT-2025-50575
The Widgets for Google Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's trustindex shortcode in all versions up to, and including, 13.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress plugin Widgets for Google Reviews 跨站脚本漏洞
WordPress Widgets For Google Reviews is a category of WordPress plugins designed to help webmasters easily display Google Business Reviews Google reviews on their websites. WordPress Widgets For Google Reviews suffers from a cross-site scripting vulnerability that stems from stored cross-site...
CVE-2025-8906
The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trustindex-feed' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-8906 Widgets for Tiktok Feed <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Widgets for Tiktok Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trustindex-feed' shortcode in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...