CVE-2025-10731

Name of the Vulnerable Software and Affected Versions ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress versions up to and including 2.2.12

Description The ReviewX plugin for WordPress is susceptible to sensitive information exposure. This allows unauthenticated attackers to obtain authentication tokens and bypass admin restrictions. Successful exploitation grants access to sensitive data, including order details, names, emails, addresses, phone numbers, and user information, potentially enabling data export. The issue resides within the allReminderSettings function.

Recommendations Update ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress to a version later than 2.2.12.