PT-2026-27048 · WordPress · Reviewx – Woocommerce Product Reviews With Multi-Criteria
Abrahack
·
Published
2026-03-23
·
Updated
2026-03-23
·
CVE-2025-10731
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress versions up to and including 2.2.12
Description
The ReviewX plugin for WordPress is susceptible to sensitive information exposure. This allows unauthenticated attackers to obtain authentication tokens and bypass admin restrictions. Successful exploitation grants access to sensitive data, including order details, names, emails, addresses, phone numbers, and user information, potentially enabling data export. The issue resides within the
allReminderSettings function.Recommendations
Update ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress to a version later than 2.2.12.
Fix
Improper Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Reviewx – Woocommerce Product Reviews With Multi-Criteria