WordPress Plugin WP Customer Reviews Vulnerable to Cross-Site Scripting

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

WordPress Plugin WP Customer Reviews Vulnerable to Cross-Site Scripting

MINI-5798-rccm-mw23

Summary

A security issue in the WP Customer Reviews plugin for WordPress can allow attackers to inject malicious code into website pages. This could potentially allow them to steal user data or take control of the site. Update the plugin to the latest version to fix the vulnerability.

What to do

Update coredns-fips-1.12 to version 1.12.4-r2.
Update kuma-coredns-fips-1.12 to version 1.12.4-r2.

Affected software

Vendor	Product	Affected versions	Fix available
–	coredns-fips-1.12	<= 1.12.4-r2	1.12.4-r2
–	kuma-coredns-fips-1.12	<= 1.12.4-r2	1.12.4-r2

Original title

MINI-5798-rccm-mw23

Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026