CVE-2025-10736

Name of the Vulnerable Software and Affected Versions ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress versions through 2.2.10

Description The ReviewX plugin for WordPress is susceptible to unauthorized data access because of insufficient authorization checks within the userAccessibility() function. This allows unauthenticated attackers to access protected REST API endpoints and potentially extract or modify user and plugin configuration information.

Recommendations Update the ReviewX plugin to a version newer than 2.2.10.