Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Trustindex — Vulnerabilities & Security Advisories 8

Browse all 8 CVE security advisories affecting Trustindex. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Trustindex operates as a customer review platform that aggregates and displays user-generated feedback across various websites. Historically, the service has been associated with multiple remote code execution vulnerabilities, cross-site scripting flaws, and privilege escalation issues, with eight CVEs documented to date. These vulnerabilities often stem from improper input validation and insecure direct object references, potentially allowing attackers to compromise review data or gain unauthorized access. While no major public security incidents have been widely reported, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices, particularly in handling user-generated content and access controls.

Top products by Trustindex: Widgets for Google Reviews Widgets for Social Photo Feed Widgets for Tiktok Feed Customer Reviews Collector for WooCommerce
CVE IDTitleCVSSSeverityPublished
CVE-2025-14726 Widgets for Social Photo Feed <= 1.8 - Missing Authentication to Unauthenticated Plugin Settings Access/Update via trustindex_feed_hook_instagram REST API endpoints — Widgets for Social Photo FeedCWE-200 6.5 Medium2026-05-02
CVE-2026-5425 Widgets for Social Photo Feed <= 1.7.9 - Unauthenticated Stored Cross-Site Scripting via feed_data — Widgets for Social Photo FeedCWE-79 7.2 High2026-04-04
CVE-2025-68595 WordPress Widgets for Social Photo Feed plugin <= 1.8 - Broken Access Control vulnerability — Widgets for Social Photo FeedCWE-862 5.3 Medium2025-12-24
CVE-2025-9436 Widgets for Google Reviews <= 13.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via trustindex Shortcode — Widgets for Google ReviewsCWE-79 6.4 Medium2025-12-11
CVE-2025-12510 Widgets for Google Reviews <= 13.2.4 - Unauthenticated Stored Cross-Site Scripting via Google Reviews — Widgets for Google ReviewsCWE-79 7.2 High2025-12-06
CVE-2025-12123 Customer Reviews Collector for WooCommerce <= 4.6.1 - Reflected Cross-Site Scripting — Customer Reviews Collector for WooCommerceCWE-79 6.1 Medium2025-11-27
CVE-2025-8906 Widgets for Tiktok Feed <= 1.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting — Widgets for Tiktok FeedCWE-79 6.4 Medium2025-09-26
CVE-2023-3254 Widgets for Google Reviews <= 10.9 - Cross-Site Request Forgery to Plugin Settings Reset — Widgets for Google ReviewsCWE-352 4.3 Medium2023-10-18

This page lists every published CVE security advisory associated with Trustindex. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.