| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2023-54360 | Joomla JLex Review 6.0.1 Reflected XSS via review_id Parameter | Jlexart | Joomla JLex Review | Medium | 6.1 | 2026-04-09 20:54:50 | Deep Dive |
| CVE-2026-39644 | WordPress Wp Ultimate Review plugin <= 2.3.8 - Broken Access Control vulnerability | Roxnor | Wp Ultimate Review | - | - | 2026-04-08 08:30:33 | Deep Dive |
| CVE-2026-32491 | WordPress WP Review Slider plugin <= 13.9 - Cross Site Scripting (XSS) vulnerability | jgwhite33 | WP Review Slider | 中危 | - | 2026-03-25 16:14:59 | Deep Dive |
| CVE-2026-32490 | WordPress WP TripAdvisor Review Slider plugin <= 14.1 - Cross Site Scripting (XSS) vulnerability | jgwhite33 | WP TripAdvisor Review Slider | 中危 | - | 2026-03-25 16:14:59 | Deep Dive |
| CVE-2026-25344 | WordPress Review Schema plugin <= 2.2.6 - Sensitive Data Exposure vulnerability | RadiusTheme | Review Schema | 中危 | - | 2026-03-25 16:14:43 | Deep Dive |
| CVE-2019-25638 | Meeplace Business Review Script Lastest SQL Injection via addclick.php | Meeplace | Meeplace Business Review Script | High | 7.1 | 2026-03-24 11:27:11 | Deep Dive |
| CVE-2026-4161 | Review Map by RevuKangaroo <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings | revukangaroo | Review Map by RevuKangaroo | Medium | 4.4 | 2026-03-21 03:27:07 | Deep Dive |
| CVE-2025-15157 | Starfish Review Generation & Marketing for WordPress <= 3.1.19 - Authenticated (Subscriber+) Arbitrary Options Update via srm_restore_options_defaults | starfishwp | Starfish Review Generation & Marketing for WordPress | High | 8.8 | 2026-02-13 21:23:04 | Deep Dive |
| CVE-2026-1076 | Star Review Manager <= 1.2.2 - Cross-Site Request Forgery to Settings Update | bramdnl | Star Review Manager | Medium | 4.3 | 2026-01-24 07:26:42 | Deep Dive |
| CVE-2026-24600 | WordPress Penci Review plugin <= 3.5 - Cross Site Scripting (XSS) vulnerability | PenciDesign | Penci Review | Medium | 6.5 | 2026-01-23 14:29:03 | Deep Dive |
| CVE-2026-24361 | WordPress LearnPress – Course Review plugin <= 4.1.9 - Cross Site Scripting (XSS) vulnerability | ThimPress | LearnPress – Course Review | - | - | 2026-01-22 16:52:44 | Deep Dive |
| CVE-2025-14070 | Reviewify <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary WooCommerce Coupon Creation | xfinitysoft | Reviewify — Review Discounts & Photo/Video Reviews for WooCommerce | High | 7.5 | 2026-01-07 09:21:01 | Deep Dive |
| CVE-2025-14118 | Starred Review <= 1.4.2 - Reflected Cross-Site Scripting via PHP_SELF Variable | callumalden | Starred Review | Medium | 6.1 | 2026-01-07 09:20:54 | Deep Dive |
| CVE-2025-15248 | sunhailin12315 product-review 商品评价系统 Write a Review cross site scripting | sunhailin12315 | product-review 商品评价系统 | Low | 3.5 | 2025-12-30 12:32:11 | Deep Dive |
| CVE-2025-67628 | WordPress Review Disclaimer plugin <= 2.0.3 - Cross Site Scripting (XSS) vulnerability | AMP-MODE | Review Disclaimer | Medium | 5.9 | 2025-12-24 13:10:23 | Deep Dive |
| CVE-2025-63057 | WordPress Wp Ultimate Review plugin <= 2.3.7 - Cross Site Scripting (XSS) vulnerability | Roxnor | Wp Ultimate Review | Medium | 6.5 | 2025-12-09 14:52:33 | Deep Dive |
| CVE-2025-66063 | WordPress WP Google Review Slider plugin <= 17.4 - Broken Access Control vulnerability | jgwhite33 | WP Google Review Slider | Medium | 5.4 | 2025-11-21 12:29:55 | Deep Dive |
| CVE-2025-12520 | WP Airbnb Review Slider <= 4.2 - Authenticated (Admin+) Stored Cross-Site Scripting | jgwhite33 | WP Airbnb Review Slider | Medium | 4.0 | 2025-11-07 05:29:58 | Deep Dive |
| CVE-2025-53573 | WordPress Epic Review Plugin <= 1.0.2 - Cross Site Scripting (XSS) Vulnerability | jegtheme | Epic Review | High | 7.1 | 2025-11-06 15:54:10 | Deep Dive |
| CVE-2025-58216 | WordPress WP Thumbtack Review Slider Plugin <= 2.6 - Cross Site Scripting (XSS) Vulnerability | jgwhite33 | WP Thumbtack Review Slider | Medium | 5.9 | 2025-08-27 17:45:50 | Deep Dive |