CVE-2025-1232

The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks

CVSS

No CVSS.

References

Link	Resource
https://wpscan.com/vulnerability/c4ea8357-ddd7-48ac-80c9-15b924715b14/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:geminilabs:site_reviews:*:*:*:*:*:wordpress:*:*

History

09 May 2025, 12:00

Type	Values Removed	Values Added
CPE		cpe:2.3:a:geminilabs:site_reviews::::::wordpress::*
CWE		CWE-79
First Time		Geminilabs site Reviews Geminilabs
References	~~() https://wpscan.com/vulnerability/c4ea8357-ddd7-48ac-80c9-15b924715b14/ -~~	() https://wpscan.com/vulnerability/c4ea8357-ddd7-48ac-80c9-15b924715b14/ - Exploit, Third Party Advisory

19 Mar 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-03-19 06:15

Updated : 2025-05-09 12:00

NVD link : CVE-2025-1232

Mitre link : CVE-2025-1232

JSON object : View

Products Affected

geminilabs

site_reviews

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

JSON object

Attach tags to CVE-2025-1232

Attach tags to `CVE-2025-1232`