Reviewx
Sign in to watchby Wpdeveloper
CVEs (6)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-2833 | Hig | 0.59 | 8.8 | 0.27 | Jun 6, 2023 | The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update. | |
| CVE-2024-29812 | Med | 0.42 | 6.5 | 0.00 | Mar 27, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS.This issue affects ReviewX: from n/a through 1.6.22. | |
| CVE-2022-46809 | Med | 0.40 | 6.1 | 0.01 | Nov 7, 2023 | Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7. | |
| CVE-2023-40670 | Med | 0.28 | 4.3 | 0.00 | Dec 13, 2024 | Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.17. | |
| CVE-2024-3609 | Med | 0.28 | 4.3 | 0.00 | May 16, 2024 | The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments. | |
| CVE-2024-33921 | Med | 0.28 | 4.3 | 0.00 | May 3, 2024 | Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6.21. |