PT-2026-57408 · WordPress · Widgets For Google Reviews
Coih
·
Published
2026-07-11
·
Updated
2026-07-11
·
CVE-2026-11591
CVSS v3.1
4.4
Medium
| Vector | AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Widgets for Google Reviews versions prior to 13.4
Description
Stored Cross-Site Scripting occurs via admin settings due to insufficient input sanitization and output escaping. Authenticated attackers with editor-level permissions or higher can inject arbitrary web scripts into pages. These scripts execute when a user accesses the affected page. This issue specifically impacts multi-site installations and environments where
unfiltered html has been disabled.Recommendations
Update the plugin to version 13.4 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Widgets For Google Reviews