PT-2025-49325 · WordPress · Widgets For Google Reviews
Kishan Vyas · Published 2025-12-06 · Updated 2025-12-15
CVE-2025-12510
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Widgets for Google Reviews versions prior to 13.2.5
Description
The Widgets for Google Reviews plugin for WordPress is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping when handling Google Reviews data. This allows unauthenticated attackers to inject arbitrary web scripts, provided the attacker can add a malicious review to a Google Place connected to the vulnerable site. The scripts execute in the admin panel, and potentially on the frontend, when a user accesses the imported reviews.
Recommendations
Update Widgets for Google Reviews to version 13.2.5 or later.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Widgets For Google Reviews