Customer Reviews For Woocommerce

1 CVE for this product

CVE-2026-4664 MEDIUM This Month

Unauthenticated attackers can bypass authentication in the Customer Reviews for WooCommerce plugin, versions up to 5.103.0, by submitting an empty string as the review permission key. This allows them to create, modify, and inject malicious product reviews via the REST API without any legitimate order association. The vulnerability stems from improper key validation: the key is checked with a strict equality comparison, but empty values are not rejected. Combined with auto-approval of reviews by default, this enables widespread review injection across all products on affected WooCommerce installations.

Tags: WordPress, PHP, Authentication Bypass, Customer Reviews For Woocommerce

Source: NVD
CVSS 3.1: 5.3
EPSS: 0.1%