Back to CVE List

CVE-2025-10736

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerability Description

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to access protected REST API endpoints, extract and modify information related to users and plugin's configuration

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-285
Source
NVD
Vendor
reviewx
Product
ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema

External References

Discussion (0)

Add Comment

No comments yet. Be the first!