2 matches found
CVE-2024-8965
CVE-2024-8965 details (WordPress Absolute Reviews plugin): All versions up to 1.1.3 are vulnerable to Stored DOM-based Cross-Site Scripting (XSS) via the Name field of a custom post criterion. Exploitation requires authentication at Contributor level or above, enabling injection of scrip...
CVE-2021-4426
CVE-2021-4426 affects the Absolute Reviews plugin for WordPress (versions up to and including 1.0.8). The root cause is missing or incorrect nonce validation in the metabox_review_save() function, enabling Cross-Site Request Forgery. An unauthenticated attacker could trick a site administrator in...