CVE-2026-12684
The CVE concerns the WordPress plugin “Customer Reviews for WooCommerce” (pre-5.113.0). It specifies that an unauthenticated user can bypass authentication, capabilities, and nonce checks on a media-upload AJAX action when the review media attachment feature is enabled. This allows uploading medi...