CVE-2021-24296

Summary

The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled

Affected Software

VendorProductVersion RangeStatus
Go Web SolutionsWP Customer Reviews3.5.6 < 3.5.6affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References