VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 13 known issues Latest disclosed Feb 26, 2025

Site Reviews Vulnerabilities

Review known vulnerability records for the WordPress plugin Site Reviews (`site-reviews`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-1232, CVE-2024-3050 and CVE-2024-29095, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed
Known Records
13
High or Critical
1
Patch Coverage
100%
Last Updated
Mar 24, 2025
Priority CVE Quick Links

Fast paths into Site Reviews CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs
13
CVE-2021-24973 High 5.17.3
CVE-2021-24973 Site Reviews Stored Cross-Site Scripting

Site Reviews <= 5.17.2 - Unauthenticated Stored Cross-Site Scripting

CVE-2022-46801 Medium 6.4.0
CVE-2022-46801 Site Reviews Vulnerability

Site Reviews <= 6.2.0 - Unauthenticated CSV Injection

CVE-2024-29095 Medium 6.11.7
CVE-2024-29095 Site Reviews Stored Cross-Site Scripting

Site Reviews <= 6.11.6 - Authenticated (Author+) Stored Cross-Site Scripting

CVE-2024-2293 Medium 6.11.7
CVE-2024-2293 Site Reviews Stored Cross-Site Scripting

Site Reviews <= 6.11.4 - Authenticated(Subscriber+) Stored Cross-Site Scripting via display name

CVE-2023-27612 Medium 6.6.0
CVE-2023-27612 Site Reviews Stored Cross-Site Scripting

Site Reviews <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

CVE-2023-27629 Medium 6.6.0
CVE-2023-27629 Site Reviews Stored Cross-Site Scripting

Site Reviews <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via block attribute

CVE-2025-1232 Medium 7.2.5
CVE-2025-1232 Site Reviews Stored Cross-Site Scripting

Site Reviews <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting

CVE-2018-0603 Medium 2.15.3
CVE-2018-0603 Site Reviews Cross-Site Scripting

Site Reviews <= 2.15.2 - Cross-Site Scripting

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Site Reviews so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility
13 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix
0 critical and 1 high severity finding.
Recent CVEs
CVE-2025-1232, CVE-2024-3050 and CVE-2024-29095
Reference Workflow
Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.
Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Site Reviews

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-1232
CVE-2025-1232: Site Reviews <= 7.2.4 - Unauthenticated Stored Cross-Site Scripting

The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages...

Published
Feb 26, 2025
Patched Release
7.2.5
Affected Versions
Versions up to 7.2.4
Next Step
Update to 7.2.5 or newer if supported.
Open CVE-2025-1232 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-3050
CVE-2024-3050: Site Reviews <= 6.11.8 - IP Address Spoofing to Blocking Bypass

The Site Reviews plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 6.11.8 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthentica...

Published
May 08, 2024
Patched Release
7.0.0
Affected Versions
Versions up to 6.11.8
Next Step
Update to 7.0.0 or newer if supported.
Open CVE-2024-3050 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-29095
CVE-2024-29095: Site Reviews <= 6.11.6 - Authenticated (Author+) Stored Cross-Site Scripting

The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.11.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to injec...

Published
Mar 15, 2024
Patched Release
6.11.7
Affected Versions
Versions up to 6.11.6
Next Step
Update to 6.11.7 or newer if supported.
Open CVE-2024-29095 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-2293
CVE-2024-2293: Site Reviews <= 6.11.4 - Authenticated(Subscriber+) Stored Cross-Site Scripting via display name

The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscribe...

Published
Mar 11, 2024
Patched Release
6.11.7
Affected Versions
Versions up to 6.11.4
Next Step
Update to 6.11.7 or newer if supported.
Open CVE-2024-2293 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-49832
CVE-2023-49832: Site Reviews <= 6.10.2 - Missing Authorization

The Site Reviews plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'assignPost' and 'unassignPost' functions in versions up to, and including, 6.10.2. This makes it possible for authenticated attackers to assign and u...

Published
Aug 29, 2023
Patched Release
6.10.3
Affected Versions
Versions before 6.10.3
Next Step
Update to 6.10.3 or newer if supported.
Open CVE-2023-49832 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-1525
CVE-2023-1525: Site Reviews <= 6.7.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 6.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level p...

Published
Apr 05, 2023
Patched Release
6.7.1
Affected Versions
Versions up to 6.7.0
Next Step
Update to 6.7.1 or newer if supported.
Open CVE-2023-1525 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-27625
CVE-2023-27625: Site Reviews <= 6.5.1 - Missing Authorization

The Site Reviews plugin for WordPress is vulnerable to setting modification and information disclosure due to lack of capability checks in a variety of functions, including rollbackPluginAjax, downloadConsole, downloadSystemInfo and exportSettings in versions up to, and including...

Published
Mar 13, 2023
Patched Release
6.6.0
Affected Versions
Versions up to 6.5.0
Next Step
Update to 6.6.0 or newer if supported.
Open CVE-2023-27625 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-27612
CVE-2023-27612: Site Reviews <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode

The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticate...

Published
Mar 13, 2023
Patched Release
6.6.0
Affected Versions
Versions up to 6.5.1
Next Step
Update to 6.6.0 or newer if supported.
Open CVE-2023-27612 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2023-27629
CVE-2023-27629: Site Reviews <= 6.5.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via block attribute

The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block attribute(s) in versions up to, and including, 6.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authen...

Published
Mar 13, 2023
Patched Release
6.6.0
Affected Versions
Versions up to 6.5.1
Next Step
Update to 6.6.0 or newer if supported.
Open CVE-2023-27629 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-46801
CVE-2022-46801: Site Reviews <= 6.2.0 - Unauthenticated CSV Injection

The Site Reviews plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.2.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a...

Published
Jan 27, 2023
Patched Release
6.4.0
Affected Versions
Versions up to 6.2.0
Next Step
Update to 6.4.0 or newer if supported.
Open CVE-2022-46801 Report Open CVE Reference
Plugin High Patched: Yes CVE-2021-24973
CVE-2021-24973: Site Reviews <= 5.17.2 - Unauthenticated Stored Cross-Site Scripting

The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action (available to unauthenticated and any authenticated users), allowing them to perform Cross-Site Scripting attacks against logged in admins viewin...

Published
Dec 06, 2021
Patched Release
5.17.3
Affected Versions
Versions up to 5.17.2
Next Step
Update to 5.17.3 or newer if supported.
Open CVE-2021-24973 Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2021-24603
CVE-2021-24603: Site Reviews <= 5.13.0 - Admin+ Stored Cross-Site Scripting

The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could allow them to perform Cross-Site Scripting attacks when the unfiltered_html is disallowed

Published
Aug 09, 2021
Patched Release
5.13.1
Affected Versions
Versions before 5.13.1
Next Step
Update to 5.13.1 or newer if supported.
Open CVE-2021-24603 Report Open CVE Reference