| CVE-2025-13880 | WP Social Ninja - Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 4.0.1 - Missing Authorization to Unauthenticated Plugin's Settings Disclosure And Modification | adreastrian | WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets | Medium | 6.5 | 2025-12-17 04:31:31 | Deep Dive |
| CVE-2025-13969 | Reviews Sorted <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'space' Shortcode Attribute | eurisko | Reviews Sorted | Medium | 6.4 | 2025-12-12 03:20:50 | Deep Dive |
| CVE-2025-9436 | Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode | trustindex | Widgets for Google Reviews | Medium | 6.4 | 2025-12-11 03:27:12 | Deep Dive |
| CVE-2025-12705 | Social Reviews & Recommendations <= 2.5 - Unauthenticated Stored Cross-Site Scripting via Social Media Reviews | widgetpack | Reviews Widgets for Google, Yelp & TripAdvisor | High | 7.2 | 2025-12-09 13:51:07 | Deep Dive |
| CVE-2025-12499 | Rich Shortcodes for Google Reviews <= 6.8 - Unauthenticated Stored Cross-Site Scripting via Google Review | widgetpack | Rich Showcase for Google Reviews | High | 7.2 | 2025-12-06 07:29:12 | Deep Dive |
| CVE-2025-12510 | Widgets for Google Reviews <= 13.2.4 - Unauthenticated Stored Cross-Site Scripting via Google Reviews | trustindex | Widgets for Google Reviews | High | 7.2 | 2025-12-06 03:27:04 | Deep Dive |
| CVE-2025-13007 | WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 3.20.3 - Unauthenticated Stored Cross-Site Scripting via External Content Import | adreastrian | WP Social Ninja – Embed Social Feeds, User Reviews & Chat Widgets | Medium | 6.1 | 2025-12-02 06:40:24 | Deep Dive |
| CVE-2025-12123 | Customer Reviews Collector for WooCommerce <= 4.6.1 - Reflected Cross-Site Scripting | trustindex | Customer Reviews Collector for WooCommerce | Medium | 6.1 | 2025-11-27 05:17:39 | Deep Dive |
| CVE-2025-62071 | WordPress Social proof testimonials and reviews by Repuso plugin <= 5.29 - Broken Access Control vulnerability | Repuso | Social proof testimonials and reviews by Repuso | Medium | 4.3 | 2025-10-22 14:32:54 | Deep Dive |
| CVE-2025-9899 | Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms <= 1.0 - Cross-Site Request Forgery | trustreviews | Trust Reviews plugin for Google, Tripadvisor, Yelp, Airbnb and other platforms | Medium | 6.1 | 2025-09-27 06:47:15 | Deep Dive |
| CVE-2025-57997 | WordPress Trustpilot Reviews Plugin <= 2.5.925 - Broken Access Control Vulnerability | Trustpilot | Trustpilot Reviews | Medium | 4.3 | 2025-09-22 18:24:18 | Deep Dive |
| CVE-2025-58667 | WordPress ListingPro Reviews plugin < 2.9.11 - Broken Access Control vulnerability | CridioStudio | ListingPro Reviews | Medium | 5.4 | 2025-09-22 18:22:57 | Deep Dive |
| CVE-2025-47570 | WordPress WooCommerce Photo Reviews plugin <= 1.3.13 - Cross Site Scripting (XSS) vulnerability | villatheme | WooCommerce Photo Reviews | High | 7.1 | 2025-09-09 16:25:28 | Deep Dive |
| CVE-2025-53565 | WordPress Widget for Google Reviews <= 1.0.15 - Local File Inclusion Vulnerability | RadiusTheme | Widget for Google Reviews | High | 8.1 | 2025-08-20 08:03:12 | Deep Dive |
| CVE-2025-54730 | WordPress Embedder for Google Reviews Plugin <= 1.7.3 - Broken Access Control Vulnerability | PARETO Digital | Embedder for Google Reviews | Medium | 5.3 | 2025-08-14 18:21:40 | Deep Dive |
| CVE-2025-5720 | Customer Reviews for WooCommerce <= 5.80.2 - Unauthenticated Stored Cross-Site Scripting via `author` Parameter | ivole | Customer Reviews for WooCommerce | Medium | 6.4 | 2025-07-31 04:26:21 | Deep Dive |
| CVE-2025-54295 | Extension - dj-extensions.com - Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla | dj-extensions.com | DJ-Reviews component for Joomla | Medium | - | 2025-07-23 11:15:24 | Deep Dive |
| CVE-2025-5845 | Affiliate Reviews <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via numColumns Parameter | wpchop | Affiliate Reviews | Medium | 6.4 | 2025-07-16 06:40:42 | Deep Dive |
| CVE-2025-7327 | Widget for Google Reviews <= 1.0.15 - Authenticated (Subscriber+) Directory Traversal to Local File Inclusion | techlabpro1 | Widget for Google Reviews | High | 8.8 | 2025-07-08 05:23:35 | Deep Dive |
| CVE-2025-49266 | WordPress Ultimate Reviews plugin <= 3.2.14 - Reflected Cross Site Scripting (XSS) vulnerability | Rustaurius | Ultimate Reviews | High | 7.1 | 2025-06-17 15:01:25 | Deep Dive |