Vulnerabilities > CVE-2021-24296 - Unspecified vulnerability in Gowebsolutions WP Customer Reviews

047910
CVSS 4.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
gowebsolutions

Summary

The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be triggered in pages where reviews are enabled

Vulnerable Configurations

Part Description Count
Application
Gowebsolutions
40