Vulnerabilities > Cusrev

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-16	CVE-2023-0079	Cross-site Scripting vulnerability in Cusrev Customer Reviews for Woocommerce The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. network low complexity cusrev CWE-79	5.4
2024-01-11	CVE-2023-6979	Unrestricted Upload of File with Dangerous Type vulnerability in Cusrev Customer Reviews for Woocommerce The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. network low complexity cusrev CWE-434	8.8
2023-02-13	CVE-2023-0080	Unspecified vulnerability in Cusrev Customer Reviews for Woocommerce The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. network low complexity cusrev	8.8
2022-09-23	CVE-2022-38134	Unspecified vulnerability in Cusrev Customer Reviews for Woocommerce Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. network low complexity cusrev	8.8

Vulnerabilities > Cusrev {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Cusrev"}]}