Skip to main content

Customer Reviews For Woocommerce CVE-2022-38470

HIGH
Cross-Site Request Forgery (CSRF) (CWE-352)
2022-09-23 audit@patchstack.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 23, 2022 - 16:15 nvd
HIGH 8.8

DescriptionNVD

Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.

AnalysisAI

Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Request Forgery (CSRF) (CWE-352), which allows attackers to trick authenticated users into performing unintended actions. Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. Affected products include: Cusrev Customer Reviews For Woocommerce.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement anti-CSRF tokens, validate Origin/Referer headers, use SameSite cookie attribute.

CVE-2023-0080 HIGH POC
8.8 Feb 13

The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, wh

CVE-2026-12684 MEDIUM POC
6.5 Jul 16

The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or non

CVE-2022-38134 HIGH
8.8 Sep 23

Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at W

CVE-2022-40194 HIGH
7.5 Sep 23

Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at Wo

CVE-2026-13771 MEDIUM
6.4 Jul 09

Stored Cross-Site Scripting in the Customer Reviews for WooCommerce WordPress plugin (all versions ≤ 5.113.0) allows con

CVE-2024-3731 MEDIUM
6.1 Apr 19

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' pa

CVE-2024-1044 MEDIUM
5.3 Feb 29

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a mi

CVE-2024-3869 MEDIUM
4.3 Apr 16

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing

CVE-2024-3243 MEDIUM
4.3 Apr 16

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing c

CVE-2023-51692 MEDIUM
4.3 Feb 28

Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.38.1. Rated medium severity (CVSS 4.3), t

CVE-2024-10614 MEDIUM
4.3 Nov 16

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capabili

Share

CVE-2022-38470 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy