Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richplugins Rich Showcase for Google Reviews widget-google-reviews allows Stored XSS.This issue affects Rich Showcase for Google Reviews: from n/a through <= 6.9.4.3.
Published: 2026-03-13
Score: 5.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Stored cross-site scripting
Action: Update plugin
AI Analysis

Impact

The vulnerability is an improper neutralization of input during web page generation (cross‑site scripting). Key detail from official description: it allows stored XSS in the Rich Showcase for Google Reviews plugin. The flaw permits malicious scripts to be stored and subsequently served to site visitors.

Affected Systems

The affected product is the WordPress Rich Showcase for Google Reviews widget-google-reviews, all releases from the earliest available version up to and including 6.9.4.3. The vendor listed is richplugins:Rich Showcase for Google Reviews.

Risk and Exploitability

The CVSS base score is 5.9, indicating medium severity. EPSS is below 1%, suggesting a low probability of exploitation. This vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that exploitation requires submission or modification of content that is stored by the plugin and later rendered, but no explicit attack path or real‑world impact is documented.

Generated by OpenCVE AI on March 19, 2026 at 15:49 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Rich Showcase for Google Reviews to a version newer than 6.9.4.3
  • If an update cannot be applied immediately, disable or uninstall the plugin to eliminate the risk

Generated by OpenCVE AI on March 19, 2026 at 15:49 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Richplugins
Richplugins rich Showcase For Google Reviews
Wordpress
Wordpress wordpress
Vendors & Products Richplugins
Richplugins rich Showcase For Google Reviews
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in richplugins Rich Showcase for Google Reviews widget-google-reviews allows Stored XSS.This issue affects Rich Showcase for Google Reviews: from n/a through <= 6.9.4.3.
Title WordPress Rich Showcase for Google Reviews plugin <= 6.9.4.3 - Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References

Subscriptions

Richplugins Rich Showcase For Google Reviews
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:58.796Z

Reserved: 2026-03-12T11:10:53.773Z

Link: CVE-2026-32360

cve-icon Vulnrichment

Updated: 2026-03-13T19:00:25.014Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:49.797

Modified: 2026-03-16T14:53:46.157

Link: CVE-2026-32360

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:58:57Z

Weaknesses