Cross Site Scripting Vulnerability in JetReviews by WordPress
CVE-2026-57354
6.5MEDIUM
What is CVE-2026-57354?
The JetReviews plugin for WordPress, up to version 3.0.0.1, contains a significant Cross Site Scripting (XSS) vulnerability that can be exploited by attackers. This issue arises from inadequate input validation, allowing malicious scripts to be executed in the browser of users interacting with the plugin. Successful exploitation could lead to a range of harmful activities, including the theft of session cookies, redirection to malicious websites, or other user data compromises. Website administrators are encouraged to review their installation and apply any available security patches.
Affected Version(s)
JetReviews <= 3.0.0.1