PT-2026-42726 · WordPress · Cbx 5 Star Rating & Review

Published 2026-05-22 · Updated 2026-05-22 · CVE-2026-6864

CVSS v3.1

6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

CBX 5 Star Rating & Review versions prior to 1.0.8

Description

The CBX 5 Star Rating & Review plugin for WordPress is subject to Reflected Cross-Site Scripting (XSS), a flaw where an application includes untrusted data in a web page without proper validation. This occurs due to insufficient input sanitization and output escaping in the page parameter. Unauthenticated attackers can exploit this by injecting arbitrary web scripts into pages, which execute when an administrator is tricked into clicking a malicious link.

Recommendations

Update the plugin to a version later than 1.0.7. As a temporary workaround, restrict or monitor the use of the page parameter to minimize the risk of exploitation.
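
The monitoring part of the workaround can be run over web server access logs, flagging every request whose page value falls outside a strict allowlist. This is an added example, not code from the plugin or from this advisory; it assumes combined-format log lines and that legitimate page values are plain slugs or numbers, and the sample log lines, paths and slugs are constructed.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: legitimate `page` values are plain slugs or page numbers.
SAFE_PAGE = re.compile(r"[A-Za-z0-9_.-]{1,64}")
# Request line as it appears inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges, made-up paths and slugs).
SAMPLE_LOG = [
    '203.0.113.7 - - [22/May/2026:10:00:01 +0000] '
    '"GET /wp-admin/admin.php?page=example-slug HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [22/May/2026:10:00:05 +0000] '
    '"GET /wp-admin/admin.php?page=x%22%3E%3Cb%3Etest HTTP/1.1" 200 5133 '
    '"https://example.invalid/" "Mozilla/5.0"',
    '198.51.100.9 - - [22/May/2026:10:01:12 +0000] '
    '"GET /?page=2 HTTP/1.1" 200 8040 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [22/May/2026:10:01:30 +0000] '
    '"GET /?page=a%253Cb HTTP/1.1" 200 8051 "-" "Mozilla/5.0"',
]


def suspicious_page_values(log_lines):
    """Return (line_number, decoded_value) for each `page` value off the allowlist."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue  # not a request line we understand
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes once; a double-encoded value still
        # contains '%' afterwards, which the allowlist rejects as well.
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key == "page" and not SAFE_PAGE.fullmatch(value):
                hits.append((line_no, value))
    return hits


if __name__ == "__main__":
    for line_no, value in suspicious_page_values(SAMPLE_LOG):
        print(f"line {line_no}: page={value!r}")
```

The same allowlist expression can back the "restrict" part of the workaround as a reverse-proxy or WAF rule, provided it is first checked against the page values the site legitimately uses.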

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-6864

Affected Products

Cbx 5 Star Rating & Review