WordPress · CBX 5 Star Rating & Review · CVE-2026-6864
**Name of the Vulnerable Software and Affected Versions**
CBX 5 Star Rating & Review versions prior to 1.0.8
**Description**
The CBX 5 Star Rating & Review plugin for WordPress is subject to Reflected Cross-Site Scripting (XSS), a flaw where an application includes untrusted data in a web page without proper validation. This occurs due to insufficient input sanitization and output escaping in the `page` parameter. Unauthenticated attackers can exploit this by injecting arbitrary web scripts into pages, which execute when an administrator is tricked into clicking a malicious link.
**Recommendations**
Update the plugin to a version later than 1.0.7.
As a temporary workaround, restrict or monitor the use of the `page` parameter to minimize the risk of exploitation.
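One way to monitor the `page` parameter until the update is applied, shown as an added example that is not code from the plugin or from this advisory. It assumes web server access logs in combined log format and that legitimate `page` values are plain slugs or numbers; the function names, the `example-settings` slug and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Assumption: legitimate `page` values are short slugs or page numbers.
SAFE_PAGE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def suspicious_page_values(target):
    """Return decoded `page` values in a request target that fail the allowlist."""
    query = target.partition("?")[2]
    # parse_qs percent-decodes once; a double-encoded value still contains
    # '%' afterwards, which the allowlist rejects as well.
    return [v for v in parse_qs(query).get("page", [])
            if not SAFE_PAGE.fullmatch(v)]

def scan(lines):
    """Yield (client_ip, timestamp, decoded_value) for requests worth reviewing."""
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format request line
        ip, ts, _method, target, _status = m.groups()
        for value in suspicious_page_values(target):
            yield ip, ts, value

# Constructed sample log lines (documentation IP ranges, hypothetical slug).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /wp-admin/admin.php'
    '?page=example-settings HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "GET /wp-admin/admin.php'
    '?page=example-settings%22%3E%3Cb%3Ex HTTP/1.1" 200 5180 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [01/Jan/2026:10:00:09 +0000] "GET /blog/?page=2 '
    'HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2026:10:00:12 +0000] "GET /wp-admin/admin.php'
    '?page=example%253Cb%253E HTTP/1.1" 200 5180 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, value in scan(SAMPLE):
        print(f"review: {ip} [{ts}] page={value!r}")
```

The same allowlist can back a web server or WAF rule that rejects non-matching `page` values, which covers the "restrict" half of the workaround.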