PT-2026-27049 · Unknown+1 · Woocommerce+1

Abrahack

Published

2026-03-23

Updated

2026-03-24

CVE-2025-10734

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress versions up to and including 2.2.12

Description The ReviewX plugin for WordPress is susceptible to exposure of sensitive information. Unauthenticated attackers can potentially extract sensitive data, including user names, emails, phone numbers, and addresses, through the syncedData function.

Recommendations Update the ReviewX plugin to a version later than 2.2.12.

Fix

Insecure Storage of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-922

Related Identifiers

CVE-2025-10734

Affected Products

Reviewx

Woocommerce

PT-2026-27049 · Unknown+1 · Woocommerce+1

CVE-2025-10734

Weakness Enumeration

Related Identifiers

Affected Products

References · 6