A critical flaw in the WP Product Review Lite plugin installed on over 40,000 WordPress sites could potentially allow attackers to take over. The vulnerability was discovered by researchers at Sucuri Labs, it is a persistent XSS that could be exploited by remote, unauthenticated attackers. A successful attack results in malicious scripts being injected in all the sites products. The plugin was reported to the plugin developers on May 13, and it was fixed in only 24 hours, on May 14, 2020. At the time of writing, more than 7,000 users have already fixed their plugin.”]
Source: https://securityaffairs.co/wordpress/103369/breaking-news/wp-product-review-lite-xss.html

