2 matches found
CVE-2024-6480
CVE-2024-6480 : SIP Reviews Shortcode for WooCommerce (WordPress) is vulnerable to Stored XSS via the no_of_reviews attribute in the woocommerce_reviews shortcode in all versions ≤ 1.2.3. An authenticated attacker with contributor-level access or higher can inject scripts that execute when a user...
CVE-2024-6479
CVE-2024-6479 affects the SIP Reviews Shortcode for WooCommerce WordPress plugin. The vulnerability is an SQL Injection via the no_of_reviews attribute in the woocommerce_reviews shortcode in all versions up to and including 1.2.3, caused by insufficient escaping of the user-supplied parameter an...