Geminilabs Site Reviews — known CVE vulnerabilities
Every CVE whose affected-product data names Geminilabs Site Reviews, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2024-3050 — CVSS 9.1 (critical): The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to…
CVE-2025-1232 — CVSS 8.8 (high): The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow…
CVE-2023-27612 — CVSS 6.5 (medium): Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions.
CVE-2023-27629 — CVSS 6.5 (medium): Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Paul Ryley Site Reviews plugin <= 6.5.1 versions.
CVE-2018-0603 — CVSS 6.1 (medium): Cross-site scripting vulnerability in Site Reviews versions prior to 2.15.3 allows remote attackers to inject arbitrary web script or HTML…
CVE-2021-24973 — CVSS 6.1 (medium): The Site Reviews WordPress plugin before 5.17.3 does not sanitise and escape the site-reviews parameter of the glsr_action AJAX action…
CVE-2022-46801 — CVSS 6.1 (medium): Improper Neutralization of Formula Elements in a CSV File vulnerability in Paul Ryley Site Reviews.This issue affects Site Reviews: from…
CVE-2021-24603 — CVSS 5.4 (medium): The Site Reviews WordPress plugin before 5.13.1 does not sanitise some of its Review Details when adding a review as an admin, which could…
CVE-2023-1525 — CVSS 4.8 (medium): The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users…