Wordpress
July 20, 2020

Unauthenticated Stored Cross Site Scripting in WP Product Review

During a routine research audit for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) affecting 40,000+ users of the WP Product Review plugin.

Current State of the Vulnerability

Though this security bug was fixed in the 3.7.6 release, older versions can be exploited by an attacker without any account in the vulnerable site. We are not aware of any exploit attempts currently using this vulnerability.

Continue reading Unauthenticated Stored Cross Site Scripting in WP Product Review at Sucuri Blog.

Share this:
Twitter icon Facebook icon LinkedIn icon Pinterest icon

More great articles

Reflected XSS in WordPress v5.5.1 and Lower

WordPress released version 5.5.2 yesterday, which fixed a reflected XSS vulnerability we reported earlier this year. The root cause of…

Read Story
Wordpress
October 30, 2020

Authentication Bypass Vulnerability in InfiniteWP Client

An authentication bypass vulnerability affecting more than 300,000 InfiniteWP Client plugin users has recently been disclosed to the public. This…

Read Story
Wordpress
July 4, 2020

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 25, 2024 to March 31, 2024)

Did you know we’re running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for…

Read Story
Wordpress
April 4, 2024

Emergency WordPress Help

One of our techs will get back to you within minutes.