VYPR

Customer Reviews For Woocommerce

by WordPress

Source repositories

CVEs (15)

  • CVE-2023-6979HigJan 11, 2024
    risk 0.57cvss 8.8epss 0.01

    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with…

  • CVE-2023-0080HigFeb 13, 2023
    risk 0.57cvss 8.8epss 0.01

    The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and…

  • CVE-2025-5720MedJul 31, 2025
    risk 0.42cvss 6.4epss 0.00

    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author’ parameter in all versions up to, and including, 5.80.2 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2026-1316HigFeb 12, 2026
    risk 0.40cvss 7.2epss 0.00

    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'media[].href' parameter in all versions up to, and including, 5.97.0 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2023-0079MedJan 16, 2024
    risk 0.35cvss 5.4epss 0.01

    The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform…

  • CVE-2022-40194MedSep 23, 2022
    risk 0.35cvss 5.3epss 0.01

    Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress

  • CVE-2024-1044MedFeb 29, 2024
    risk 0.34cvss 5.3epss 0.00

    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to…

  • CVE-2024-3731MedApr 19, 2024
    risk 0.33cvss 6.1epss 0.00

    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2023-45101MedJan 2, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce customer-reviews-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through <= 5.36.0.

  • CVE-2023-51692MedFeb 28, 2024
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1.

  • CVE-2022-38470MedSep 23, 2022
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.

  • CVE-2022-38134MedSep 23, 2022
    risk 0.28cvss 4.3epss 0.01

    Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.

  • CVE-2024-10614MedNov 16, 2024
    risk 0.21cvss 4.3epss 0.00

    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, 5.61.0. This makes it possible for authenticated attackers, with…

  • CVE-2024-3869MedApr 16, 2024
    risk 0.21cvss 4.3epss 0.00

    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . This makes it possible for attackers with subscriber level access to view coupon codes.

  • CVE-2024-3243MedApr 16, 2024
    risk 0.21cvss 4.3epss 0.00

    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with…