19 matches found
CVE-2025-14452 WP Customer Reviews <= 3.7.5 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter
The WP Customer Reviews plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpcr3fname' parameter in all versions up to, and including, 3.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...
WordPress plugin WP Customer Reviews 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
CVE-2016-10901
The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools...
EUVD-2016-1895
Malware in sbrugna...
CVE-2024-1849
The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL...
CVE-2024-1849 WP Customer Reviews < 3.7.1 - Malicious Redirect via HTTP-EQUIV Injection
The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL...
PT-2024-18360 · WordPress · Wp Customer Reviews
Name of the Vulnerable Software and Affected Versions: WP Customer Reviews versions prior to 3.7.1 Description: The issue concerns the WP Customer Reviews WordPress plugin, where a parameter is not validated, allowing contributor and above users to redirect a page to a malicious URL. This poses a...
CVE-2023-4686 WP Customer Reviews <= 3.6.6 - Authenticated (Subscriber+) Sensitive Information Exposure
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajaxenabledposts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and...
CVE-2023-4686
CVE-2023-4686 affects the WordPress WP Customer Reviews plugin up to and including version 3.6.6. The vulnerability, exposed by the ajax_enabled_posts function, allows authenticated users to retrieve sensitive data (post titles and slugs) including protected/trashed posts and other post types (e....
WordPress WP Customer Reviews Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A security vulnerability exists in the WP Customer Reviews WordPress plugin before 3.5.6, which can ...
CVE-2021-24296
Vulnerability summary (CVE-2021-24296) : The WordPress WP Customer Reviews plugin (versions prior to 3.5.6) does not sufficiently sanitize certain plugin settings. This allows high-privilege users (administrators) to inject an XSS payload, which can be triggered on pages where reviews are enabled...
Wordpress WP Customer Reviews Cross-Site Scripting Vulnerability
Wordpress WP Customer Reviews is a Wordpress open source application plugin. A cross-site scripting vulnerability exists in the WP Customer Reviews WordPress plugin versions prior to 3.4.3. The vulnerability stems from the program not properly validating input and not encoding output. An attacker...
CVE-2021-24135
Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary JavaScript code or HTML...
CVE-2021-24135
CVE-2021-24135 affects the WP Customer Reviews WordPress plugin (versions before 3.4.3). The vulnerability is due to unvalidated input and lack of output encoding, leading to Stored Cross-Site Scripting (XSS) where an attacker can inject arbitrary JavaScript/HTML. Public details in the provided d...
CVE-2016-10901
The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools...
CVE-2016-10901
The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools...
Design/Logic Flaw
The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools...
CVE-2016-10902
The CVE concerns the WordPress plugin wp-customer-reviews (before version 3.0.9). Multiple connected sources confirm a CSRF vulnerability in the admin tools of this plugin, with the issue described consistently across Red Hat, CNVD, CVE listings, and WP-related databases. The affected component i...
CVE-2016-10901
The vulnerability CVE-2016-10901 affects the WordPress plugin WP Customer Reviews, specifically versions before 3.0.9. The issue is a reflected/stored XSS in the plugin’s admin tools, which could allow arbitrary client-side code execution in privileged contexts. Supported by multiple sources (Red...