PT-2024-10747 · WordPress · Rich Review

Mikey Veenstra · Published 2024-10-15 · Updated 2024-10-21 · CVE-2019-25216

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Rich Review plugin for WordPress, versions up to and including 1.7.4

Description: The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `update` parameter in the POST body, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts into pages, which then execute whenever a user accesses an injected page. The vulnerability has been exploited in the wild, and affected versions are at risk.

Recommendations: Update the Rich Review plugin for WordPress to the latest version to mitigate the risk of exploitation. As a temporary workaround, consider disabling the `update` parameter in the POST body until a patch is available. Restrict access to the Rich Review plugin to minimize the risk of exploitation.
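The root cause named above (a POST `update` value stored without sanitization and printed without escaping, reachable without authentication) is illustrated here as an added example; this is not the Rich Review plugin's code, and plain PHP stand-ins replace the WordPress API so it runs on its own, with the WordPress equivalents named in comments.

```php
<?php
// Added illustration of the weakness class in the advisory, not the plugin's code.
// $storage stands in for the WordPress options table (update_option()/get_option()).
$storage = [];

// Vulnerable pattern: the POST `update` value is stored as received and later
// printed unchanged, so any markup in it reaches the browser as markup.
function vulnerable_save(array &$storage, array $post): void {
    $storage['review_text'] = $post['update'] ?? '';            // no sanitization
}
function vulnerable_render(array $storage): string {
    return '<div class="review">' . ($storage['review_text'] ?? '') . '</div>'; // no escaping
}

// Hardened pattern: authorize the request, sanitize on input, escape on output.
function hardened_save(array &$storage, array $post, bool $authorized): bool {
    // WordPress: current_user_can('edit_posts') and wp_verify_nonce($post['_wpnonce'], 'rr_save').
    if (!$authorized) {
        return false;                                             // unauthenticated writes are rejected
    }
    // WordPress: sanitize_textarea_field(wp_unslash($post['update'])).
    $clean = trim(strip_tags((string) ($post['update'] ?? '')));
    $storage['review_text'] = $clean;
    return true;
}
function hardened_render(array $storage): string {
    // WordPress: esc_html(). Escaping at output also protects values stored before the fix.
    $safe = htmlspecialchars($storage['review_text'] ?? '', ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="review">' . $safe . '</div>';
}

// Constructed sample input: harmless markup that must not reach the page as markup.
$sample = ['update' => '<b>Loved</b> it & would buy again'];

vulnerable_save($storage, $sample);
echo vulnerable_render($storage), PHP_EOL;   // markup emitted verbatim
echo hardened_render($storage), PHP_EOL;     // same stored value, neutralized at output

$storage = [];
var_dump(hardened_save($storage, $sample, false));   // rejected: no authorization
hardened_save($storage, $sample, true);
echo hardened_render($storage), PHP_EOL;     // sanitized on input and escaped on output
```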

Tags: Fix · XSS

Related Identifiers: CVE-2019-25216

Affected Products: Rich Review