Lucene search
K
GowebsolutionsWp Customer Reviews

7 matches found

CVE
CVE
added 2023/11/22 3:33 p.m.89 views

CVE-2023-4686

CVE-2023-4686 affects the WordPress WP Customer Reviews plugin up to and including version 3.6.6. The vulnerability, exposed by the ajax_enabled_posts function, allows authenticated users to retrieve sensitive data (post titles and slugs) including protected/trashed posts and other post types (e....

4.3CVSS4.8AI score0.00524EPSS
CVE
CVE
added 2024/04/15 5:0 a.m.87 views

CVE-2024-1849

The CVE-2024-1849 entry concerns WP Customer Reviews for WordPress: versions prior to 3.7.1 expose an unvalidated parameter that allows contributors+ to redirect pages to a malicious URL. This is an Unvalidated Redirects and Forwards issue with a reported CVSS v3.1 base score of 5.4 (Medium). The...

5.4CVSS9.2AI score0.00495EPSS
CVE
CVE
added 2023/10/20 7:29 a.m.72 views

CVE-2023-4648

CVE-2023-4648 affects the WP Customer Reviews plugin for WordPress. It is a Stored XSS in admin settings (versions

4.8CVSS4.9AI score0.00303EPSS
CVE
CVE
added 2021/03/18 2:57 p.m.59 views

CVE-2021-24135

CVE-2021-24135 affects the WP Customer Reviews WordPress plugin (versions before 3.4.3). The vulnerability is due to unvalidated input and lack of output encoding, leading to Stored Cross-Site Scripting (XSS) where an attacker can inject arbitrary JavaScript/HTML. Public details in the provided d...

6.1CVSS6.2AI score0.01085EPSS
Web
CVE
CVE
added 2021/05/24 10:58 a.m.48 views

CVE-2021-24296

Vulnerability summary (CVE-2021-24296) : The WordPress WP Customer Reviews plugin (versions prior to 3.5.6) does not sufficiently sanitize certain plugin settings. This allows high-privilege users (administrators) to inject an XSS payload, which can be triggered on pages where reviews are enabled...

4.8CVSS4.8AI score0.00617EPSS
CVE
CVE
added 2019/08/21 12:42 p.m.43 views

CVE-2016-10901

The vulnerability CVE-2016-10901 affects the WordPress plugin WP Customer Reviews, specifically versions before 3.0.9. The issue is a reflected/stored XSS in the plugin’s admin tools, which could allow arbitrary client-side code execution in privileged contexts. Supported by multiple sources (Red...

6.1CVSS6AI score0.00913EPSS
CVE
CVE
added 2019/08/21 12:45 p.m.36 views

CVE-2016-10902

The CVE concerns the WordPress plugin wp-customer-reviews (before version 3.0.9). Multiple connected sources confirm a CSRF vulnerability in the admin tools of this plugin, with the issue described consistently across Red Hat, CNVD, CVE listings, and WP-related databases. The affected component i...

8.8CVSS8.7AI score0.0068EPSS