Lucene search
K
CusrevCustomer Reviews For Woocommerce

13 matches found

CVE
CVE
added 2024/02/28 6:49 p.m.101 views

CVE-2023-51692

CVE-2023-51692 affects the WordPress plugin Customer Reviews for WooCommerce (CusRev). Affected: CusRev for WooCommerce, versions up to 5.38.1. Issue: Missing Authorization (Broken Access Control) allowing unauthorized access via CR_Manual actions. Exploitation details are not provided in the doc...

4.3CVSS6.3AI score0.00337EPSS
CVE
CVE
added 2024/02/20 6:56 p.m.94 views

CVE-2024-1044

CVE-2024-1044 concerns the WordPress plugin “Customer Reviews for WooCommerce.” The root cause is a missing capability check in the submit_review function across all versions up to and including 5.38.12, which allows unauthenticated attackers to submit reviews with arbitrary emails, regardless of...

5.3CVSS6.2AI score0.00409EPSS
CVE
CVE
added 2025/01/02 11:59 a.m.82 views

CVE-2023-45101

CVE-2023-45101 affects CusRev Customer Reviews for WooCommerce (WordPress) up to version 5.36.0. The issue is described as Missing Authorization / Broken Access Control, arising from incorrectly configured access control security levels. Connected sources indicate a low-severity impact (CVSS 4.3,...

4.3CVSS7.3AI score0.00325EPSS
CVE
CVE
added 2022/09/23 3:5 p.m.66 views

CVE-2022-40194

CVE-2022-40194 affects the WordPress Customer Reviews for WooCommerce plugin, specifically versions 5.3.5 and earlier. The vulnerability is an unauthenticated sensitive information disclosure in the plugin’s handling of reviews, with no user interaction required. Impact is confined to confidentia...

7.5CVSS6.1AI score0.00724EPSS
CVE
CVE
added 2022/09/23 3:8 p.m.62 views

CVE-2022-38470

CVE-2022-38470 is a CSRF vulnerability in the WordPress Customer Reviews for WooCommerce plugin, affecting versions

8.8CVSS6.6AI score0.00306EPSS
CVE
CVE
added 2022/09/23 3:14 p.m.61 views

CVE-2022-38134

CVE-2022-38134 affects the WordPress Customer Reviews for WooCommerce plugin (

8.8CVSS6.4AI score0.00796EPSS
CVE
CVE
added 2024/04/16 12:51 p.m.59 views

CVE-2024-3243

CVE-2024-3243 affects the Customer Reviews for WooCommerce plugin for WordPress. Root cause: a missing capability check in send_test_email(), enabling unauthorized email sending by authenticated users with subscriber-level access or higher. Affected versions: all versions up to and including 5.46...

4.3CVSS6.5AI score0.00431EPSS
CVE
CVE
added 2024/11/16 5:39 a.m.56 views

CVE-2024-10614

CVE-2024-10614 affecting the WordPress plugin “Customer Reviews for WooCommerce” (versions

4.3CVSS4.3AI score0.00272EPSS
CVE
CVE
added 2024/04/19 2:34 a.m.55 views

CVE-2024-3731

CVE-2024-3731 affects the Customer Reviews for WooCommerce plugin for WordPress. It is a Reflected XSS via the 's' parameter in all versions up to and including 5.47.0, due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject web scripts into pag...

6.1CVSS6.3AI score0.00374EPSS
CVE
CVE
added 2023/02/13 2:32 p.m.50 views

CVE-2023-0080

The CVE-2023-0080 entry concerns the WordPress plugin Customer Reviews for WooCommerce (pre-5.16.0). The vulnerability arises from a deficient validation of a shortcode attribute, enabling users with a contributor role or higher to perform Local File Inclusion by traversing attributes to read arb...

8.8CVSS8.7AI score0.01125EPSS
CVE
CVE
added 2024/01/11 8:32 a.m.49 views

CVE-2023-6979

CVE-2023-6979 affects the WordPress plugin “Customer Reviews for WooCommerce.” The issue stems from missing file type validation in the ivole_import_upload_csv AJAX action, affecting all versions up to and including 5.38.9. An authenticated attacker with author-level access could upload arbitrary...

8.8CVSS8.8AI score0.01146EPSS
CVE
CVE
added 2024/04/16 12:51 p.m.48 views

CVE-2024-3869

Technical details about CVE-2024-3869 are not publicly provided in the supplied documents. Monitor for updates from Wordfence/NVD.

4.3CVSS6.5AI score0.00454EPSS
CVE
CVE
added 2024/01/16 3:54 p.m.37 views

CVE-2023-0079

The CVE-2023-0079 issue affects the WordPress plugin “Customer Reviews for WooCommerce” (pre-5.17.0). The root cause is that the plugin does not validate and escape certain shortcode attributes before outputting them in pages or posts where the shortcode is embedded, enabling Stored XSS for users...

5.4CVSS5.3AI score0.00534EPSS