13 matches found
CVE-2023-51692
CVE-2023-51692 affects the WordPress plugin Customer Reviews for WooCommerce (CusRev). Affected: CusRev for WooCommerce, versions up to 5.38.1. Issue: Missing Authorization (Broken Access Control) allowing unauthorized access via CR_Manual actions. Exploitation details are not provided in the doc...
CVE-2024-1044
CVE-2024-1044 concerns the WordPress plugin “Customer Reviews for WooCommerce.” The root cause is a missing capability check in the submit_review function across all versions up to and including 5.38.12, which allows unauthenticated attackers to submit reviews with arbitrary emails, regardless of...
CVE-2023-45101
CVE-2023-45101 affects CusRev Customer Reviews for WooCommerce (WordPress) up to version 5.36.0. The issue is described as Missing Authorization / Broken Access Control, arising from incorrectly configured access control security levels. Connected sources indicate a low-severity impact (CVSS 4.3,...
CVE-2022-40194
CVE-2022-40194 affects the WordPress Customer Reviews for WooCommerce plugin, specifically versions 5.3.5 and earlier. The vulnerability is an unauthenticated sensitive information disclosure in the plugin’s handling of reviews, with no user interaction required. Impact is confined to confidentia...
CVE-2022-38470
CVE-2022-38470 is a CSRF vulnerability in the WordPress Customer Reviews for WooCommerce plugin, affecting versions
CVE-2022-38134
CVE-2022-38134 affects the WordPress Customer Reviews for WooCommerce plugin (
CVE-2024-3243
CVE-2024-3243 affects the Customer Reviews for WooCommerce plugin for WordPress. Root cause: a missing capability check in send_test_email(), enabling unauthorized email sending by authenticated users with subscriber-level access or higher. Affected versions: all versions up to and including 5.46...
CVE-2024-10614
CVE-2024-10614 affecting the WordPress plugin “Customer Reviews for WooCommerce” (versions
CVE-2024-3731
CVE-2024-3731 affects the Customer Reviews for WooCommerce plugin for WordPress. It is a Reflected XSS via the 's' parameter in all versions up to and including 5.47.0, due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject web scripts into pag...
CVE-2023-0080
The CVE-2023-0080 entry concerns the WordPress plugin Customer Reviews for WooCommerce (pre-5.16.0). The vulnerability arises from a deficient validation of a shortcode attribute, enabling users with a contributor role or higher to perform Local File Inclusion by traversing attributes to read arb...
CVE-2023-6979
CVE-2023-6979 affects the WordPress plugin “Customer Reviews for WooCommerce.” The issue stems from missing file type validation in the ivole_import_upload_csv AJAX action, affecting all versions up to and including 5.38.9. An authenticated attacker with author-level access could upload arbitrary...
CVE-2024-3869
Technical details about CVE-2024-3869 are not publicly provided in the supplied documents. Monitor for updates from Wordfence/NVD.
CVE-2023-0079
The CVE-2023-0079 issue affects the WordPress plugin “Customer Reviews for WooCommerce” (pre-5.17.0). The root cause is that the plugin does not validate and escape certain shortcode attributes before outputting them in pages or posts where the shortcode is embedded, enabling Stored XSS for users...