Browse all 4 CVE security advisories affecting richplugins. AI-powered Chinese analysis, POCs, and references for each vulnerability.
RichPlugins develops WordPress plugins for enhancing website functionality with features like forms, galleries, and SEO tools. Historically, their plugins have been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. With four CVEs documented, these security gaps have allowed attackers to execute arbitrary code, manipulate content, and gain elevated access. While no major public incidents have been widely reported, the consistent pattern of vulnerabilities suggests ongoing challenges in secure coding practices, potentially exposing thousands of WordPress sites to compromise if not promptly updated.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32360 | WordPress Rich Showcase for Google Reviews plugin <= 6.9.4.3 - Cross Site Scripting (XSS) vulnerability — Rich Showcase for Google ReviewsCWE-79 | 5.9 | Medium | 2026-03-13 |
| CVE-2025-30883 | WordPress Trust.Reviews plugin <= 2.3 - Broken Access Control vulnerability — Trust.ReviewsCWE-862 | 4.3 | Medium | 2025-03-27 |
| CVE-2022-44580 | WordPress Plugin for Google Reviews Plugin <= 2.2.3 is vulnerable to SQL Injection — Plugin for Google ReviewsCWE-89 | 9.1 | Critical | 2023-03-15 |
| CVE-2022-45369 | WordPress Plugin for Google Reviews plugin <= 2.2.2 - Auth. Broken Access Control vulnerability — Plugin for Google Reviews (WordPress plugin)CWE-264 | 4.3 | Medium | 2022-11-18 |
This page lists every published CVE security advisory associated with richplugins. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.