WordPress WooCommerce Photo Reviews Plugin Content Injection Vulnerability

Vulnerability

A content injection vulnerability has been identified in the WordPress WooCommerce Photo Reviews plugin, affecting versions through 1.4.4. This vulnerability arises from improper neutralization of script-related HTML tags, allowing for basic cross-site scripting (XSS) and code injection into pages and posts.

Impact

Exploitation of this vulnerability could lead to unauthorized content injection, allowing attackers to manipulate website pages or posts. This could be used to insert phishing pages or other malicious content.

Added: Feb 26, 2026, 11:53 AM

Updated: Feb 26, 2026, 3:47 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.6

remediation

0.0

relevance

3.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.6

remediation

0.0

relevance

3.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress WooCommerce Photo Reviews Plugin Content Injection Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating