Site Reviews

Wordfence Intelligence   >   Vulnerability Database   >   WordPress Plugins   >   Site Reviews

Information

Software Type Plugin
Software Slug site-reviews (view on wordpress.org)
Software Status Active
Software Author geminilabs
Software Website wordpress.org
Software Downloads 2,229,418
Software Active Installs 60,000
Software Record Last Updated April 20, 2024

11 Vulnerabilities

Site Reviews <= 6.11.6 - Authenticated (Author+) Stored Cross-Site Scripting
6.4
CVE-2024-29095
Mar 15, 2024
Researcher: isacaya
Site Reviews <= 6.11.4 - Authenticated(Subscriber+) Stored Cross-Site Scripting via display name
6.4
CVE-2024-2293
Mar 11, 2024
Researcher: stealthcopter
Site Reviews <= 6.10.2 - Missing Authorization
5.4
CVE-2023-49832
Aug 29, 2023
Researcher: Revan Arifio
Site Reviews <= 6.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
4.4
CVE-2023-1525
Apr 5, 2023
Researcher: Shreya Pohekar
Site Reviews <= 6.5.1 - Missing Authorization
5.4
CVE-2023-27625
Mar 13, 2023
Researcher: Rafshanzani Suhada
Site Reviews <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via block attribute
6.4
CVE-2023-27629
Mar 13, 2023
Researcher: Mika
Site Reviews <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode
6.4
CVE-2023-27612
Mar 13, 2023
Researcher: Rafshanzani Suhada
Site Reviews <= 6.2.0 - Unauthenticated CSV Injection
6.5
CVE-2022-46801
Jan 27, 2023
Researcher: Mika
Site Reviews <= 5.17.2 - Unauthenticated Stored Cross-Site Scripting
7.2
CVE-2021-24973
Dec 6, 2021
Researcher: Krzysztof Zając
Site Reviews <= 5.13.0 - Admin+ Stored Cross-Site Scripting
5.5
CVE-2021-24603
Aug 9, 2021
Researcher: Asif Nawaz Minhas
Site Reviews <= 2.15.2 - Cross-Site Scripting
6.1
CVE-2018-0603
May 28, 2018
Researcher: Keita Uchida
Title CVE ID CVSS Researchers Date
Site Reviews <= 6.11.6 - Authenticated (Author+) Stored Cross-Site Scripting CVE-2024-29095 6.4 isacaya March 15, 2024
Site Reviews <= 6.11.4 - Authenticated(Subscriber+) Stored Cross-Site Scripting via display name CVE-2024-2293 6.4 stealthcopter March 11, 2024
Site Reviews <= 6.10.2 - Missing Authorization CVE-2023-49832 5.4 Revan Arifio August 29, 2023
Site Reviews <= 6.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting CVE-2023-1525 4.4 Shreya Pohekar April 5, 2023
Site Reviews <= 6.5.1 - Missing Authorization CVE-2023-27625 5.4 Rafshanzani Suhada March 13, 2023
Site Reviews <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via block attribute CVE-2023-27629 6.4 Mika March 13, 2023
Site Reviews <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode CVE-2023-27612 6.4 Rafshanzani Suhada March 13, 2023
Site Reviews <= 6.2.0 - Unauthenticated CSV Injection CVE-2022-46801 6.5 Mika January 27, 2023
Site Reviews <= 5.17.2 - Unauthenticated Stored Cross-Site Scripting CVE-2021-24973 7.2 Krzysztof Zając December 6, 2021
Site Reviews <= 5.13.0 - Admin+ Stored Cross-Site Scripting CVE-2021-24603 5.5 Asif Nawaz Minhas August 9, 2021
Site Reviews <= 2.15.2 - Cross-Site Scripting CVE-2018-0603 6.1 Keita Uchida May 28, 2018

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation