Skip to main content

Customer Reviews For Woocommerce

12 CVEs product

Monthly

CVE-2026-12684 POC PATCH This Week

The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or nonce checks on one of its media upload AJAX actions when the review media attachment feature is enabled, allowing unauthenticated users to upload media files (bounded to an image and video allowlist) to the Media Library and create attachment posts, leading to media library pollution and disk space exhaustion.

WordPress Information Disclosure Customer Reviews For Woocommerce
NVD WPScan
CVE-2026-13771 MEDIUM This Month

Stored Cross-Site Scripting in the Customer Reviews for WooCommerce WordPress plugin (all versions ≤ 5.113.0) allows contributor-level authenticated users to inject arbitrary JavaScript via the 'color' attribute of the trust badge shortcode, which then executes in the browsers of every subsequent visitor to the compromised page. The trust badge rendering code in class-cr-trust-badge.php and badge-small.php fails to sanitize or escape shortcode attribute input before writing it to HTML output. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis; a patch commit is referenced in the WordPress SVN repository.

WordPress XSS Customer Reviews For Woocommerce
NVD
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-10614 MEDIUM PATCH This Month

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Customer Reviews For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-3731 MEDIUM PATCH This Month

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Customer Reviews For Woocommerce
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2024-3869 MEDIUM PATCH This Month

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Customer Reviews For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2024-3243 MEDIUM PATCH This Month

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Customer Reviews For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1044 MEDIUM This Month

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Customer Reviews For Woocommerce
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-51692 MEDIUM This Month

Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.38.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Customer Reviews For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-0080 HIGH POC This Week

The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP Customer Reviews For Woocommerce
NVD WPScan
CVSS 3.1
8.8
EPSS
1.1%
CVE-2022-40194 HIGH This Week

Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Customer Reviews For Woocommerce
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2022-38470 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Customer Reviews For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2022-38134 HIGH This Week

Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Customer Reviews For Woocommerce
NVD
CVSS 3.1
8.8
EPSS
0.8%
POC PATCH This Week

The Customer Reviews for WooCommerce WordPress plugin before 5.113.0 does not perform authentication, capability, or nonce checks on one of its media upload AJAX actions when the review media attachment feature is enabled, allowing unauthenticated users to upload media files (bounded to an image and video allowlist) to the Media Library and create attachment posts, leading to media library pollution and disk space exhaustion.

WordPress Information Disclosure Customer Reviews For Woocommerce
NVD WPScan
EPSS 0% CVSS 6.4
MEDIUM This Month

Stored Cross-Site Scripting in the Customer Reviews for WooCommerce WordPress plugin (all versions ≤ 5.113.0) allows contributor-level authenticated users to inject arbitrary JavaScript via the 'color' attribute of the trust badge shortcode, which then executes in the browsers of every subsequent visitor to the compromised page. The trust badge rendering code in class-cr-trust-badge.php and badge-small.php fails to sanitize or escape shortcode attribute input before writing it to HTML output. No public exploit code has been identified and this vulnerability is not listed in the CISA KEV catalog at time of analysis; a patch commit is referenced in the WordPress SVN repository.

WordPress XSS Customer Reviews For Woocommerce
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Customer Reviews For Woocommerce
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress Customer Reviews For Woocommerce
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Customer Reviews For Woocommerce
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Authentication Bypass WordPress Customer Reviews For Woocommerce
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Customer Reviews For Woocommerce
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.38.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Customer Reviews For Woocommerce
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE WordPress PHP +1
NVD WPScan
EPSS 1% CVSS 7.5
HIGH This Week

Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Customer Reviews For Woocommerce
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF WordPress Customer Reviews For Woocommerce
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Privilege Escalation Customer Reviews For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy