VYPR

SIP Reviews Shortcode for WooCommerce

by WordPress

CVEs (2)

  • CVE-2024-6480MedOct 31, 2024
    risk 0.42cvss 6.4epss 0.00

    The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output…

  • CVE-2024-6479MedOct 31, 2024
    risk 0.42cvss 6.5epss 0.00

    The SIP Reviews Shortcode for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'no_of_reviews' attribute in the woocommerce_reviews shortcode in all versions up to, and including, 1.2.3 due to insufficient escaping on the user supplied parameter and lack…