Unauthenticated Stored Cross Site Scripting in WP Product Review

During a routine research audit for our Sucuri Firewall, we discovered an Unauthenticated Persistent Cross-Site Scripting (XSS) vulnerability affecting 40,000+ users of the WP Product Review plugin.

Current State of the Vulnerability

Though this security bug was fixed in the 3.7.6 release, older versions can be exploited by an attacker without any account on the vulnerable site. We are not aware of any exploit attempts currently using this vulnerability.

Continue reading Unauthenticated Stored Cross Site Scripting in WP Product Review at Sucuri Blog.
