Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Plugin endpoint reachable over the network without authentication or user interaction; broken auth lets attacker change plugin-managed state (I:H) without confidentiality or availability impact.
Primary rating from Vendor (Patchstack).
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Lifecycle Timeline
1DescriptionCVE.org
Unauthenticated Broken Authentication in ReviewX <= 2.3.6 versions.
AnalysisAI
Authentication bypass in the ReviewX WordPress plugin versions 2.3.6 and earlier allows remote unauthenticated attackers to perform actions they should not be able to, leading to high-integrity impact on the affected site. The flaw is classified as CWE-288 (authentication bypass using an alternate path/channel) and was disclosed by Patchstack via the WordPress plugin vulnerability database. No public exploit identified at time of analysis and the issue is not listed on CISA KEV.
Technical ContextAI
ReviewX is a WordPress plugin that adds multi-criteria customer review and rating functionality (commonly used on WooCommerce stores). The CPE cpe:2.3:a:reviewx:reviewx:*:*:*:*:*:*:*:* and the Patchstack advisory confirm this is the plugin distribution, not a standalone application. CWE-288 describes a Broken Authentication condition where a code path exposes privileged functionality without performing the normal authentication check - typically an AJAX/REST endpoint, nonce-only check, or a capability check that is missing or trivially bypassed. With CVSS C:N/I:H/A:N, the bypass appears to permit attackers to invoke write/state-changing actions (e.g., creating, modifying, or approving reviews or related plugin data) without proving identity, but does not directly leak protected data nor crash the host.
RemediationAI
No vendor-released patch identified at time of analysis in the provided data; defenders should consult the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/reviewx/vulnerability/wordpress-reviewx-plugin-2-3-6-broken-authentication-vulnerability for the latest fixed version and upgrade ReviewX past 2.3.6 as soon as a release is available. Until a fix is installed, compensating controls include deactivating the ReviewX plugin on sites that do not currently rely on it (loses review functionality but eliminates exposure), restricting access to the plugin's REST and admin-ajax endpoints via WAF rules or .htaccess (may break legitimate frontend review submissions if rules are too broad), and enabling Patchstack or an equivalent virtual-patching WAF that ships a signature for this CVE. Monitor wp-content/plugins/reviewx and the wp_posts/wp_comments tables for unexpected new entries that could indicate exploitation attempts.
The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to i
The 'rx_export_review' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL injection vulnerabili
Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security
Reflected/stored Cross-Site Scripting in the ReviewX WordPress plugin (versions 2.3.10 and earlier) allows unauthenticat
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Sto
The ReviewX - Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletio
Broken Access Control vulnerability in ReviewX.6.21. Rated medium severity (CVSS 4.3), this vulnerability is remotely ex
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36987
GHSA-c83w-fg37-x4j7