Vulnerabilities for 'Site reviews'

2022-01-03
 
CVE-2021-24973

CWE-79
 

 
The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action (available to unauthenticated and any authenticated users), allowing them to perform Cross-Site Scripting attacks against logged-in admins viewing the Tool dashboard of the plugin.

 
2021-09-06
 
CVE-2021-24603

CWE-79
 

 
The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfiltered_html capability is disallowed.

 


Copyright 2024, cxsecurity.com

 
