Cross Site Scripting Vulnerability in JetReviews by WordPress
CVE-2026-57354

6.5MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
2 July 2026

What is CVE-2026-57354?

The JetReviews plugin for WordPress, up to version 3.0.0.1, contains a significant Cross Site Scripting (XSS) vulnerability that can be exploited by attackers. This issue arises from inadequate input validation, allowing malicious scripts to be executed in the browser of users interacting with the plugin. Successful exploitation could lead to a range of harmful activities, including the theft of session cookies, redirection to malicious websites, or other user data compromises. Website administrators are encouraged to review their installation and apply any available security patches.

Affected Version(s)

JetReviews <= 3.0.0.1

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Austin Ginder | Patchstack Bug Bounty Program
.