VYPR

Reviewx

by Wpdeveloper

CVEs (8)

  • CVE-2023-2833HigJun 6, 2023
    risk 0.59cvss 8.8epss 0.17

    The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a…

  • CVE-2025-10679HigMar 23, 2026
    risk 0.47cvss 7.3epss 0.00

    The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to arbitrary method calls in all versions up to, and including, 2.2.12. This is due to insufficient input validation in the…

  • CVE-2024-29812MedMar 27, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS.This issue affects ReviewX: from n/a through 1.6.22.

  • CVE-2022-46809MedNov 7, 2023
    risk 0.40cvss 6.1epss 0.01

    Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7.

  • CVE-2023-40670MedDec 13, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.17.

  • CVE-2024-3609MedMay 16, 2024
    risk 0.28cvss 4.3epss 0.00

    The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible…

  • CVE-2024-33921MedMay 3, 2024
    risk 0.28cvss 4.3epss 0.00

    Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6.21.

  • CVE-2024-43323Nov 1, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28.