CVE Catalog

CVE-2026-57354

Medium · CVSS 6.5

Summary

The JetReviews plugin, version 3.0.0.1 and earlier, contains a Cross Site Scripting (XSS) vulnerability that allows a user with the subscriber role to inject malicious scripts into the page.

Risk Assessment

An attacker with the subscriber role can steal other users' sessions, redirect them to malicious sites, or exfiltrate sensitive data, compromising system confidentiality and integrity.

Recommendation

Immediately update the JetReviews plugin to a version newer than 3.0.0.1, which includes a fix for the XSS vulnerability.

Original NVD description (English source)

Subscriber Cross Site Scripting (XSS) in JetReviews <= 3.0.0.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS