Customer Reviews For Woocommerce
CVE-2023-51692
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionCVE.org
Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1.
AnalysisAI
Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.38.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.38.1. Affected products include: Cusrev Customer Reviews For Woocommerce. Version information: through 5.38.1..
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.
The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, wh
The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or non
Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. Rated
Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at W
Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at Wo
Stored Cross-Site Scripting in the Customer Reviews for WooCommerce WordPress plugin (all versions ≤ 5.113.0) allows con
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' pa
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a mi
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing c
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capabili
Same weakness CWE-862 – Missing Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today