8 matches found
CVE-2023-26325
The CVE-2023-26325 issue affects the ReviewX WordPress Plugin. Concrete details: vulnerable action rx_export_review and an authenticated SQL injection in the filterValue and selectedColumns parameters. Affected software: ReviewX WordPress Plugin versions prior to 1.6.4 (per Patchstack and PT Secu...
CVE-2024-29812
Technical details about CVE-2024-29812 are not publicly provided in the connected documents. The initial description notes a stored XSS in ReviewX up to version 1.6.22, but no concrete technical specifics (vendor, exact component, root cause, impact, or fix) are included here. Monitor for updates.
CVE-2024-3609
CVE-2024-3609 affects the ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin. A missing capability check in reviewx_remove_guest_image across versions up to 1.6.27 allows authenticated users with subscriber access and above to delete attachments, enabling data deletion. Wordfence/Wo...
CVE-2023-2833
Summary (CVE-2023-2833): The ReviewX WordPress plugin (versions up to 1.6.13) is vulnerable to privilege escalation due to insufficient restriction on the rx_set_screen_options function. This allows an authenticated user with minimal privileges (e.g., a subscriber) to modify their own role by se...
CVE-2024-33921
CVE-2024-33921 affects the ReviewX WordPress plugin (ReviewX – Multi-criteria Rating & Reviews for WooCommerce). The connected Red Hat advisory confirms a Broken Access Control vulnerability in ReviewX affecting versions up to 1.6.21. The NVD entry rates the issue as High risk with CVSS ...
CVE-2024-43323
CVE-2024-43323 concerns ReviewX for WordPress with Missing Authorization (Broken Access Control) affecting versions up to 1.6.28. The root cause is incorrectly configured access control security levels, enabling access to functionality not properly constrained. The companion PT security entry not...
CVE-2023-40670
CVE-2023-40670 affects the WordPress ReviewX plugin (
CVE-2022-46809
CVE-2022-46809 affects WordPress ReviewX – Multi-criteria Rating & Reviews for WooCommerce (WPDeveloper). The vulnerable component is ReviewX CSV export functionality (CSV injection) in ReviewX