WordPress Widgets for Google Reviews plugin <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
6.5
Fixed in Version 13.2.2

Timeline

Publicly Published
2025-12-11
Created
2025-12-11

WordPress Widgets for Google Reviews plugin <= 13.2.4 - Unauthenticated Stored Cross-Site Scripting via Google Reviews vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Scripting (XSS)
Score:
7.1
Fixed in Version 13.2.5

Timeline

Publicly Published
2025-12-08
Created
2025-12-05

WordPress Widgets for Google Reviews plugin <= 11.0.2 - Arbitrary File Upload vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Arbitrary File Upload
Score:
8
Fixed in Version 11.1

Timeline

Publicly Published
2023-11-22
Created
2023-11-22

Wordpress Widgets for Google Reviews plugin <= 10.9 - Cross-Site Request Forgery to Plugin Settings Reset vulnerability

Don't mute a vulnerability until you've confirmed your current version has a fix, or the issue doesn't affect your site.

Type:
Cross Site Request Forgery (CSRF)
Score:
4.3
Fixed in Version 10.9.1

Timeline

Publicly Published
2023-10-17
Created
2023-10-17