Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
19054.8%CRITICAL

Related CVEs

9
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2025-1232The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacksHIGH8.876.5%Mar 19, 2025
CVE-2024-3050The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blockingCRITICAL9.142.6%May 29, 2024
CVE-2022-46801Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews.This issue affects Site Reviews: from n/a through 6.2.0.CRITICAL9.848.6%Nov 7, 2023
CVE-2023-27629Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions.MEDIUM5.4Jun 22, 2023
CVE-2023-27612Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions.MEDIUM5.4Jun 22, 2023
CVE-2023-1525The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).MEDIUM4.839.1%May 2, 2023
CVE-2021-24973The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action (available to unauthenticated and any authenticated users), allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard of the pluginMEDIUM6.1Jan 3, 2022
CVE-2021-24603The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfiltered_html is disallowedMEDIUM5.4Sep 6, 2021
CVE-2018-0603Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.NONE67.1%Jun 26, 2018