Product:

Site_reviews

(Geminilabs)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 7
Date Id Summary Products Score Patch Annotated
2023-11-07 CVE-2022-46801 Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews.This issue affects Site Reviews: from n/a through 6.2.0. Site_reviews 9.8
2023-05-02 CVE-2023-1525 The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). Site_reviews 4.8
2023-06-22 CVE-2023-27612 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions. Site_reviews 5.4
2023-06-22 CVE-2023-27629 Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions. Site_reviews 5.4
2022-01-03 CVE-2021-24973 The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action (available to unauthenticated and any authenticated users), allowing them to perform Cross-Site Scripting attacks against logged in admins viewing the Tool dashboard of the plugin Site_reviews 6.1
2021-09-06 CVE-2021-24603 The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed Site_reviews 5.4
2018-06-26 CVE-2018-0603 Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Site_reviews 6.1