Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
WooCommerce Photo Reviews allows malicious code to be injected into web pages
CVE-2026-28132
Summary
A security flaw in WooCommerce Photo Reviews allows hackers to inject malicious code into a website, which could lead to unauthorized actions on the site. This affects versions of WooCommerce Photo Reviews up to 1.4.4. Update to the latest version to fix the issue.
Original title
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affect...
Original description
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through <= 1.4.4.
nvd CVSS3.1
5.3
Vulnerability type
CWE-80
Basic XSS
Published: 26 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026