← Back

Gowebsolutions

gowebsolutions

7 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Wp Customer Reviews
wp_customer_reviews
7 CVEs

CVEs (7)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-1849
1Gowebsolutions
1Wp Customer Reviews
Jun 17, 2026
Apr 15, 2024
N/A· v4
5.4 MEDIUM· v3
N/A· v2
The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL
CVE-2023-4686
1Gowebsolutions
1Wp Customer Reviews
Jun 17, 2026
Nov 22, 2023
N/A· v4
4.3 MEDIUM· v3
N/A· v2
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract...Show more
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and trashed posts and pages in addition to other post types such as galleries.Show less
CVE-2023-4648
1Gowebsolutions
1Wp Customer Reviews
Jun 17, 2026
Oct 20, 2023
N/A· v4
4.8 MEDIUM· v3
N/A· v2
The WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes...Show more
The WP Customer Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.Show less
CVE-2021-24296
1Gowebsolutions
1Wp Customer Reviews
Jun 17, 2026
May 24, 2021
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where re...Show more
The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabledShow less
CVE-2021-24135
1Gowebsolutions
1Wp Customer Reviews
Jun 17, 2026
Mar 18, 2021
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary...Show more
Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary JavaScript code or HTML.Show less
CVE-2016-10902
1Gowebsolutions
1Wp Customer Reviews
Nov 21, 2024
Aug 21, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
The wp-customer-reviews plugin before 3.0.9 for WordPress has CSRF in the admin tools.
CVE-2016-10901
1Gowebsolutions
1Wp Customer Reviews
Nov 21, 2024
Aug 21, 2019
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools.