PT-2026-57408 · WordPress · Widgets For Google Reviews

Coih

·

Published

2026-07-11

·

Updated

2026-07-11

·

CVE-2026-11591

CVSS v3.1

4.4

Medium

VectorAV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Widgets for Google Reviews versions prior to 13.4
Description Stored Cross-Site Scripting occurs via admin settings due to insufficient input sanitization and output escaping. Authenticated attackers with editor-level permissions or higher can inject arbitrary web scripts into pages. These scripts execute when a user accesses the affected page. This issue specifically impacts multi-site installations and environments where unfiltered html has been disabled.
Recommendations Update the plugin to version 13.4 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-11591

Affected Products

Widgets For Google Reviews