10 matches found
WordPress Customer Reviews for WooCommerce Plugin <= 5.61.0 is vulnerable to Broken Access Control
Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions = 5.61.0 Fixed in 5.62.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10614 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ce10b4d9cbd7 Credits incognito...
WordPress Customer Reviews for WooCommerce Plugin <= 5.46.0 is vulnerable to Broken Access Control
Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions = 5.46.0 Fixed in 5.47.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3243 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 13d177cd2664 Credits Thura Moe...
CVE-2024-1849
The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL...
WordPress Customer Reviews for WooCommerce Plugin <= 5.38.9 is vulnerable to Arbitrary File Upload
Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions = 5.38.9 Fixed in 5.38.10 OWASP Top 10 A1: Injection Classification Arbitrary File Upload CVE CVE-2023-6979 Patch priority Medium CVSS severity Medium 9.8 Developer Claim ownership PSID f2b42bb42f3b Credits Artem Guzhva...
WordPress Customer Reviews Collector for WooCommerce Plugin <= 3.9 is vulnerable to Arbitrary File Upload
Software Customer Reviews Collector for WooCommerce Type Plugin Vulnerable versions = 3.9 Fixed in 4.0 OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2023-48275 Patch priority Medium CVSS severity Medium 8 Developer Claim ownership PSID 9e0239dc9850 Credits Rafie Muhammad...
WordPress Plugin WP Customer Reviews Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Customer Reviews for WooCommerce Plugin < 5.16.0 is vulnerable to Local File Inclusion
Software Customer Reviews for WooCommerce Type Plugin Vulnerable versions 5.16.0 Fixed in 5.16.0 OWASP Top 10 A1: Injection Classification Local File Inclusion CVE CVE-2023-0080 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID 2a336810763e Credits István Márton Required...
WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to sending of test emails discovered by Muhammad Daffa Patchstack Alliance in WordPress Customer Reviews for WooCommerce plugin versions = 5.3.5. Solution Update the WordPress Customer Reviews for WooCommerce plugin to the latest available...
CVE-2021-24296
The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled...
WordPress wp-customer-reviews plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress wp-customer-reviews plugin. An attacker can explo...