cleantalk
Vulnerabilities and Security Researches

CBX 5 Star Rating & Review, CVE-2026-6864

CVE, Research URL

CVE-2026-6864

Home page URL

Security reports for CBX 5 Star Rating & Review

Application

CBX 5 Star Rating & Review

Published on
May 22, 2026
Research Description
The CBX 5 Star Rating & Review plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link.
Affected versions
max 1.0.8.
Status
vulnerable
Previous vulnerability researches
Payment Gateway for ACBA BANK (CVE-2024-13362) , May 03, 2026
New vulnerability
GSheet For Woo Importer (CVE-2026-4843) , May 24, 2026
Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint (CVE-2026-27349) , May 24, 2026
Location Weather – Best Weather Forecast Widget Plugin for WordPress (CVE-2026-7249) , May 24, 2026
Hotel Booking Lite (CVE-2026-8684) , May 24, 2026
Alfie – Feed Plugin (CVE-2026-4070) , May 24, 2026