Rich Showcase For Google Reviews
Monthly
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Rich Showcase for Google Reviews widget (richplugins plugin) affecting versions through 6.9.4.3, where improper input neutralization during web page generation allows authenticated attackers with high privileges to inject malicious scripts that execute in users' browsers. An attacker with administrative or plugin configuration access can store XSS payloads that will be executed for any user viewing the affected widget, potentially leading to session hijacking, credential theft, or defacement. While the CVSS score of 5.9 indicates moderate severity and requires user interaction and high privileges to exploit, the stored nature of this vulnerability means the payload persists and affects multiple users passively.
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Rich Showcase for Google Reviews widget (richplugins plugin) affecting versions through 6.9.4.3, where improper input neutralization during web page generation allows authenticated attackers with high privileges to inject malicious scripts that execute in users' browsers. An attacker with administrative or plugin configuration access can store XSS payloads that will be executed for any user viewing the affected widget, potentially leading to session hijacking, credential theft, or defacement. While the CVSS score of 5.9 indicates moderate severity and requires user interaction and high privileges to exploit, the stored nature of this vulnerability means the payload persists and affects multiple users passively.