
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

26 Feb 2025 — The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks. The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, a... • https://wpscan.com/vulnerability/c4ea8357-ddd7-48ac-80c9-15b924715b14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

08 May 2024 — The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based blocking. The Site Reviews plugin for WordPress is vulnerable to IP Address... • https://wpscan.com/vulnerability/04c1581e-fd36-49d4-8463-b49915d4b1ac • CWE-290: Authentication Bypass by Spoofing