Lucene search
K

19 matches found

Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.3 views

CVE-2025-14452 WP Customer Reviews <= 3.7.5 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter

The WP Customer Reviews plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpcr3fname' parameter in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

7.2CVSS5.8AI score0.00255EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

WordPress plugin WP Customer Reviews 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

7.2CVSS5.7AI score0.00255EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/01/09 11:10 a.m.9 views

CVE-2016-10901

The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools...

6.1CVSS6.2AI score0.00913EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2016-1895

Malware in sbrugna...

6.1CVSS6.3AI score0.00913EPSS
Exploits0References2
NVD
NVD
added 2024/04/15 5:15 a.m.32 views

CVE-2024-1849

The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL...

5.4CVSS6.4AI score0.00495EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/04/15 5:0 a.m.17 views

CVE-2024-1849 WP Customer Reviews < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection

The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL...

6.7AI score0.00495EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/04/08 12:0 a.m.4 views

PT-2024-18360 · WordPress · Wp Customer Reviews

Name of the Vulnerable Software and Affected Versions: WP Customer Reviews versions prior to 3.7.1 Description: The issue concerns the WP Customer Reviews WordPress plugin, where a parameter is not validated, allowing contributor and above users to redirect a page to a malicious URL. This poses a...

5.4CVSS9.1AI score0.00495EPSS
Exploits2References6
Vulnrichment
Vulnrichment
added 2023/11/22 3:33 p.m.15 views

CVE-2023-4686 WP Customer Reviews <= 3.6.6 - Authenticated (Subscriber+) Sensitive Information Exposure

The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...

4.3CVSS6.6AI score0.00524EPSS
Exploits0References3
CVE
CVE
added 2023/11/22 3:33 p.m.89 views

CVE-2023-4686

CVE-2023-4686 affects the WordPress WP Customer Reviews plugin up to and including version 3.6.6. The vulnerability, exposed by the ajax_enabled_posts function, allows authenticated users to retrieve sensitive data (post titles and slugs) including protected/trashed posts and other post types (e....

4.3CVSS4.8AI score0.00524EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2021/07/09 12:0 a.m.6 views

WordPress WP Customer Reviews Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WP Customer Reviews WordPress plugin before 3.5.6, which can ...

4.8CVSS5.8AI score0.00617EPSS
Exploits2References1
CVE
CVE
added 2021/05/24 10:58 a.m.48 views

CVE-2021-24296

Vulnerability summary (CVE-2021-24296) : The WordPress WP Customer Reviews plugin (versions prior to 3.5.6) does not sufficiently sanitize certain plugin settings. This allows high-privilege users (administrators) to inject an XSS payload, which can be triggered on pages where reviews are enabled...

4.8CVSS4.8AI score0.00617EPSS
Exploits2References1Affected Software1
CNVD
CNVD
added 2021/03/22 12:0 a.m.9 views

Wordpress WP Customer Reviews Cross-Site Scripting Vulnerability

Wordpress WP Customer Reviews is a Wordpress open source application plugin. A cross-site scripting vulnerability exists in the WP Customer Reviews WordPress plugin versions prior to 3.4.3. The vulnerability stems from the program not properly validating input and not encoding output. An attacker...

6.1CVSS5.9AI score0.01085EPSS
Exploits2References1
NVD
NVD
added 2021/03/18 3:15 p.m.18 views

CVE-2021-24135

Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary JavaScript code or HTML...

6.1CVSS0.01085EPSS
Exploits2References1
CVE
CVE
added 2021/03/18 2:57 p.m.59 views

CVE-2021-24135

CVE-2021-24135 affects the WP Customer Reviews WordPress plugin (versions before 3.4.3). The vulnerability is due to unvalidated input and lack of output encoding, leading to Stored Cross-Site Scripting (XSS) where an attacker can inject arbitrary JavaScript/HTML. Public details in the provided d...

6.1CVSS6.2AI score0.01085EPSS
Exploits2References1Affected Software1
OSV
OSV
added 2019/08/21 1:15 p.m.5 views

CVE-2016-10901

The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools...

6.1CVSS5.8AI score0.00913EPSS
Exploits0References1
NVD
NVD
added 2019/08/21 1:15 p.m.15 views

CVE-2016-10901

The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools...

6.1CVSS6.1AI score0.00913EPSS
Exploits0References1
Prion
Prion
added 2019/08/21 1:15 p.m.17 views

Design/Logic Flaw

The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools...

4.3CVSS6.3AI score0.00913EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/21 12:45 p.m.36 views

CVE-2016-10902

The CVE concerns the WordPress plugin wp-customer-reviews (before version 3.0.9). Multiple connected sources confirm a CSRF vulnerability in the admin tools of this plugin, with the issue described consistently across Red Hat, CNVD, CVE listings, and WP-related databases. The affected component i...

8.8CVSS8.7AI score0.0068EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2019/08/21 12:42 p.m.43 views

CVE-2016-10901

The vulnerability CVE-2016-10901 affects the WordPress plugin WP Customer Reviews, specifically versions before 3.0.9. The issue is a reflected/stored XSS in the plugin’s admin tools, which could allow arbitrary client-side code execution in privileged contexts. Supported by multiple sources (Red...

6.1CVSS6AI score0.00913EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder