PT-2026-27047 · WordPress+1 · Reviewx+1

Abrahack · Published 2026-03-23 · Updated 2026-03-23 · CVE-2025-10679

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress versions through 2.2.12

Description

The ReviewX plugin for WordPress is susceptible to arbitrary method calls due to inadequate input validation within the bulkTenReviews function. This allows attackers to pass user-controlled data to a variable function call, potentially enabling the execution of arbitrary PHP class methods that require no inputs or have default values. Successful exploitation could lead to information disclosure or remote code execution, contingent upon the server configuration and available methods.

Recommendations

Update the ReviewX plugin to a version newer than 2.2.12.
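
The bug class named in the description (a request value used as the method name in a variable call), shown beside an allowlisted dispatch. This is an added example, not ReviewX code: the class `BulkActionHandler`, its methods and the `action` request field are hypothetical, and the requests are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical handler; none of these names come from the ReviewX code base.
final class BulkActionHandler
{
    // Only these request values map to callable methods.
    private const ALLOWED = [
        'approve' => 'approveReviews',
        'trash'   => 'trashReviews',
    ];

    // Vulnerable pattern: the request value itself becomes the method name,
    // so any method callable without arguments is reachable.
    public function dispatchUnsafe(array $request): mixed
    {
        $method = $request['action'];
        return $this->$method();
    }

    // Hardened pattern: the request value is only a key into a fixed map.
    public function dispatchSafe(array $request): string
    {
        $action = $request['action'] ?? null;
        if (!is_string($action) || !array_key_exists($action, self::ALLOWED)) {
            throw new InvalidArgumentException('Unsupported bulk action');
        }
        $method = self::ALLOWED[$action];
        return $this->$method();
    }

    private function approveReviews(): string { return 'approved'; }
    private function trashReviews(): string { return 'trashed'; }

    // Stands in for a method that was never meant to be request-reachable.
    public function exportSettings(): string { return 'internal settings dump'; }
}

// Constructed sample requests.
$handler = new BulkActionHandler();
echo $handler->dispatchSafe(['action' => 'approve']), PHP_EOL;
echo $handler->dispatchUnsafe(['action' => 'exportSettings']), PHP_EOL;

try {
    $handler->dispatchSafe(['action' => 'exportSettings']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

The `mixed` return type requires PHP 8.0 or later.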

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2025-10679

Affected Products

Reviewx
Woocommerce