VYPR

Customer Reviews Woocommerce

by WordPress

CVEs (8)

  • CVE-2023-0080 | High | Feb 13, 2023
    risk 0.57 | cvss 8.8 | epss 0.01

    The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attributes, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non-PHP files and…

  • CVE-2025-5720 | Medium | Jul 31, 2025
    risk 0.42 | cvss 6.4 | epss 0.00

    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author’ parameter in all versions up to, and including, 5.80.2 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2025-12123 | Medium | Nov 27, 2025
    risk 0.40 | cvss 6.1 | epss 0.00

    The Customer Reviews Collector for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'email-text' parameter in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2025-14891 | Medium | Jan 7, 2026
    risk 0.35 | cvss 6.4 | epss 0.00

    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayName' parameter in all versions up to, and including, 5.93.1 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2023-0079 | Medium | Jan 16, 2024
    risk 0.35 | cvss 5.4 | epss 0.01

    The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform…

  • CVE-2026-4664 | Medium | Apr 10, 2026
    risk 0.34 | cvss 5.3 | epss 0.01

    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.103.0. This is due to the `create_review_permissions_check()` function comparing the user-supplied `key` parameter against the order's…

  • CVE-2026-3355 | Medium | Apr 16, 2026
    risk 0.33 | cvss 6.1 | epss 0.00

    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, and including, 5.101.0 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-1849 | Apr 15, 2024
    risk 0.00 | cvss | epss 0.01

    The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter, allowing contributor and above users to redirect a page to a malicious URL.