cleantalk
Vulnerabilities and Security Researches

Judge.me Product Reviews for WooCommerce, CVE-2023-0061

CVE, Research URL

CVE-2023-0061

Home page URL

Security reports for Judge.me Product Reviews for WooCommerce

Application

Judge.me Product Reviews for WooCommerce

Published on
Feb 13, 2023
Research Description
The Judge.me Product Reviews for WooCommerce WordPress plugin before 1.3.21 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Affected versions
Min -, max 1.3.21.
Status
vulnerable
Previous vulnerability researches
Judge.me Product Reviews for WooCommerce (CVE-2023-0061) , Jun 07, 2024
New vulnerability
My Reservation System (CVE-2025-7022) , Aug 02, 2025
Connector for Gravity Forms and Google Sheets (CVE-2025-54682) , Aug 02, 2025
Content Egg (CVE-2025-47536) , Aug 02, 2025
Smart Slider 3 (CVE-2025-6348) , Aug 02, 2025
Realtyna Organic IDX plugin + WPL Real Estate (CVE-2025-54052) , Aug 02, 2025