CVE-2025-12123

Name of the Vulnerable Software and Affected Versions Customer Reviews Collector for WooCommerce plugin for WordPress versions prior to 4.6.2

Description The software is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a link. The vulnerability exists via the email-text parameter.

Recommendations Update to version 4.6.2 or later.