CVE-2019-25216

7.2 HIGH

📋 TL;DR

The Rich Reviews WordPress plugin, in versions up to and including 1.7.4, contains a stored cross-site scripting vulnerability in the 'update' POST parameter. Unauthenticated attackers can inject malicious scripts that execute when users view the compromised pages. This affects all WordPress sites running a vulnerable version of the plugin.

💻 Affected Systems

Products:
  • Rich Reviews WordPress Plugin
Versions: All versions up to and including 1.7.4
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires WordPress installation with the Rich Reviews plugin enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could steal administrator credentials, deface websites, redirect users to malicious sites, or install backdoors for persistent access.

🟠 Likely Case

Attackers inject malicious scripts to steal user session cookies, redirect visitors to phishing sites, or display unwanted advertisements.

🟢 If Mitigated

With proper input validation and output escaping, the vulnerability would be prevented, though the plugin would still need updating.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploits have been observed in the wild according to Wordfence reports.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.5 or later

Vendor Advisory: https://wordpress.org/plugins/rich-reviews/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Rich Reviews plugin.
4. Click 'Update Now' if available.
5. If no update is available, deactivate and delete the plugin.

🔧 Temporary Workarounds

Disable Rich Reviews Plugin (applies to: all)

Deactivate the vulnerable plugin to prevent exploitation:

wp plugin deactivate rich-reviews

Apply Web Application Firewall (applies to: all)

Configure the WAF to block XSS payloads targeting the 'update' parameter.

🧯 If You Can't Patch

  • Deactivate and remove the Rich Reviews plugin immediately
  • Implement strict Content Security Policy headers to mitigate XSS impact

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, go to Plugins > Rich Reviews and check the version number. If the version is 1.7.4 or lower, the site is vulnerable.

Check Version:

wp plugin get rich-reviews --field=version

Verify Fix Applied:

After updating, verify that the plugin version shown in the WordPress admin panel is 1.7.5 or higher.

📡 Detection & Monitoring

Log Indicators:

  • POST requests to /wp-admin/admin-ajax.php with 'update' parameter containing script tags or JavaScript code
  • Unusual plugin file modifications

Network Indicators:

  • HTTP requests with suspicious payloads in POST body targeting the plugin's AJAX endpoint

SIEM Query:

source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND method="POST" AND (body CONTAINS "<script>" OR body CONTAINS "javascript:")
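The log indicators and SIEM query above can be turned into a concrete check. The Python script below is an added example, not part of this advisory and not code from the Rich Reviews plugin. It runs over constructed request records (id, method, URI, POST body), the kind of data a WAF or reverse proxy with request-body logging produces, since a plain access log does not record POST bodies. It goes beyond the literal SIEM query in two ways a practitioner would want: it URL-decodes and HTML-entity-decodes the 'update' value before matching, so double-encoded or entity-encoded payloads are not missed, and it matches case-insensitively, also flagging inline event-handler attributes. The record field names and the `action=rr_update` value in the samples are assumptions, not the plugin's real request format.

```python
import html
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Endpoint and parameter named in the advisory's log indicators.
AJAX_PATH = "/wp-admin/admin-ajax.php"
PARAM = "update"

# Indicator patterns: the advisory's two literals plus inline event handlers,
# all matched case-insensitively after decoding.
XSS_PATTERNS = [
    ("script_tag", re.compile(r"<\s*script\b", re.I)),
    ("javascript_uri", re.compile(r"javascript\s*:", re.I)),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
]


def normalise(value: str) -> str:
    """Peel off up to three layers of URL and HTML-entity encoding.

    parse_qs already URL-decodes once; repeating the decode catches
    double-encoded payloads (%253C -> %3C -> <) and entity-encoded ones
    (&lt;script&gt;), which a literal '<script>' match would miss.
    """
    for _ in range(3):
        decoded = html.unescape(unquote_plus(value))
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(method: str, uri: str, body: str):
    """Return a finding dict if the request matches the indicators, else None."""
    if method.upper() != "POST":
        return None
    if urlsplit(uri).path != AJAX_PATH:
        return None
    params = parse_qs(body, keep_blank_values=True)
    for raw in params.get(PARAM, []):
        value = normalise(raw)
        for reason, pattern in XSS_PATTERNS:
            if pattern.search(value):
                return {"param": PARAM, "reason": reason, "value": value[:80]}
    return None


# Constructed sample records (assumed shape: id, method, uri, body), not real traffic.
# 'action=rr_update' is an assumed value, not the plugin's actual AJAX action name.
SAMPLE_REQUESTS = [
    {"id": "r1", "method": "POST", "uri": AJAX_PATH,  # benign review text
     "body": "action=rr_update&update=Great+product%2C+would+buy+again"},
    {"id": "r2", "method": "POST", "uri": AJAX_PATH,  # plain script tag
     "body": "action=rr_update&update=%3Cscript%3Ealert(1)%3C%2Fscript%3E"},
    {"id": "r3", "method": "POST", "uri": AJAX_PATH,  # double URL-encoded
     "body": "action=rr_update&update=%253Cscript%253Ealert(1)%253C%252Fscript%253E"},
    {"id": "r4", "method": "POST", "uri": AJAX_PATH,  # mixed-case scheme
     "body": "action=rr_update&update=%3Ca+href%3D%22JavaScript%3Aalert(1)%22%3Ex%3C%2Fa%3E"},
    {"id": "r5", "method": "GET", "uri": AJAX_PATH + "?update=%3Cscript%3E", "body": ""},
    {"id": "r6", "method": "POST", "uri": "/wp-login.php", "body": "update=%3Cscript%3E"},
    {"id": "r7", "method": "POST", "uri": AJAX_PATH,  # no <script>, no javascript:
     "body": "action=rr_update&update=%3Cimg+src%3Dx+onerror%3Dalert(1)%3E"},
]


def scan(requests):
    """Run inspect_request over every record; return [(id, finding), ...]."""
    hits = []
    for rec in requests:
        finding = inspect_request(rec["method"], rec["uri"], rec["body"])
        if finding:
            hits.append((rec["id"], finding))
    return hits


if __name__ == "__main__":
    for rid, finding in scan(SAMPLE_REQUESTS):
        print(f"{rid}: {finding['reason']} in '{finding['param']}': {finding['value']}")
```

Records r5 and r6 are deliberately ignored (wrong method, wrong path) to keep the check scoped to the endpoint the advisory names; r3, r4 and r7 are the cases the literal `CONTAINS "<script>"` query would miss. Tune the `event_handler` pattern against your own traffic before alerting on it, as short words beginning with "on" followed by "=" will trigger it.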
