Site Reviews <= 5.13.0 is vulnerable to Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Administrator

Published
2021-08-08

The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed

CVE

https://www.cve.org/CVERecord?id=CVE-2021-24603

CVSS

Score:4.8

Severity:Medium

Version: 5.13.0

There is a patch available in v5.13.1 and we strongly recommend you update to this version as soon as possible.