7 matches found
CVE-2023-4686
CVE-2023-4686 affects the WordPress WP Customer Reviews plugin up to and including version 3.6.6. The vulnerability, exposed by the ajax_enabled_posts function, allows authenticated users to retrieve sensitive data (post titles and slugs) including protected/trashed posts and other post types (e....
CVE-2024-1849
The CVE-2024-1849 entry concerns WP Customer Reviews for WordPress: versions prior to 3.7.1 expose an unvalidated parameter that allows contributors+ to redirect pages to a malicious URL. This is an Unvalidated Redirects and Forwards issue with a reported CVSS v3.1 base score of 5.4 (Medium). The...
CVE-2023-4648
CVE-2023-4648 affects the WP Customer Reviews plugin for WordPress. It is a Stored XSS in admin settings (versions
CVE-2021-24135
CVE-2021-24135 affects the WP Customer Reviews WordPress plugin (versions before 3.4.3). The vulnerability is due to unvalidated input and lack of output encoding, leading to Stored Cross-Site Scripting (XSS) where an attacker can inject arbitrary JavaScript/HTML. Public details in the provided d...
CVE-2021-24296
Vulnerability summary (CVE-2021-24296) : The WordPress WP Customer Reviews plugin (versions prior to 3.5.6) does not sufficiently sanitize certain plugin settings. This allows high-privilege users (administrators) to inject an XSS payload, which can be triggered on pages where reviews are enabled...
CVE-2016-10901
The vulnerability CVE-2016-10901 affects the WordPress plugin WP Customer Reviews, specifically versions before 3.0.9. The issue is a reflected/stored XSS in the plugin’s admin tools, which could allow arbitrary client-side code execution in privileged contexts. Supported by multiple sources (Red...
CVE-2016-10902
The CVE concerns the WordPress plugin wp-customer-reviews (before version 3.0.9). Multiple connected sources confirm a CSRF vulnerability in the admin tools of this plugin, with the issue described consistently across Red Hat, CNVD, CVE listings, and WP-related databases. The affected component i...