CVE Catalog
CVE-2026-57354
Medium, CVSS 6.5
Summary
The JetReviews plugin, version 3.0.0.1 and earlier, contains a Cross Site Scripting (XSS) vulnerability that allows a user with the subscriber role to inject malicious scripts into the page.
Risk Assessment
An attacker with the subscriber role can steal other users' sessions, redirect them to malicious sites, or exfiltrate sensitive data, compromising system confidentiality and integrity.
Recommendation
Immediately update the JetReviews plugin to a version newer than 3.0.0.1, which includes a fix for the XSS vulnerability.
Original NVD description (English source)
Subscriber Cross Site Scripting (XSS) in JetReviews <= 3.0.0.1 versions.

