PT-2026-33276 · WordPress · Customer Reviews For Woocommerce
Athiwat Tiprasaharn +1
Published: 2026-04-16 · Updated: 2026-04-16
CVE-2026-3355
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Customer Reviews for WooCommerce versions prior to 5.101.1
Description
The Customer Reviews for WooCommerce plugin for WordPress contains a Reflected Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping in the crsearch parameter. Unauthenticated attackers can exploit this by injecting arbitrary web scripts into pages, which execute when a user is tricked into clicking a malicious link.
Recommendations
Update the plugin to a version later than 5.101.0.
As a temporary workaround, restrict access to or avoid using the crsearch parameter until the update is applied.
Fix
XSS
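A detection sketch for the issue described above, added here as an example and not taken from the advisory or the plugin: it scans web-server access logs for requests whose crsearch value decodes to markup. The log entries, paths and function names are constructed for illustration, and the pattern is an assumed heuristic for what a plain review search term should not contain.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Client IP and request target of a combined-format access log entry.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Assumed heuristic: a plain search term should not contain markup delimiters,
# a javascript: scheme or an inline event-handler attribute.
SUSPICIOUS_RE = re.compile(r'[<>"]|javascript:|\bon\w+\s*=', re.IGNORECASE)

# Constructed sample entries (documentation IP ranges, hypothetical paths).
SAMPLE_LOG = [
    '203.0.113.7 - - [16/Apr/2026:10:01:02 +0000] "GET /product/mug/?crsearch=great+quality HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [16/Apr/2026:10:03:44 +0000] "GET /product/mug/?crsearch=%3Cscript%3Eprobe%3C%2Fscript%3E HTTP/1.1" 200 5133 "https://example.test/" "Mozilla/5.0"',
    '198.51.100.9 - - [16/Apr/2026:10:04:10 +0000] "GET /product/mug/?crsearch=%2522%253E%253Cb%253E HTTP/1.1" 200 5127 "-" "Mozilla/5.0"',
]


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are inspected too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_crsearch(log_line):
    """Return (client_ip, decoded_value) for a suspicious crsearch, else None."""
    match = REQUEST_RE.match(log_line)
    if not match:
        return None
    query = urlsplit(match.group("target")).query
    # parse_qs performs the first round of decoding; fully_decode does the rest.
    for raw in parse_qs(query, keep_blank_values=True).get("crsearch", []):
        value = fully_decode(raw)
        if SUSPICIOUS_RE.search(value):
            return match.group("ip"), value
    return None


def scan(lines):
    """Collect every suspicious crsearch request found in the given log lines."""
    return [hit for hit in map(suspicious_crsearch, lines) if hit]


if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent crsearch={value!r}")
```

Only query-string values appear in access logs, so a crsearch value sent in a request body is not visible to this check.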
Affected Products
Customer Reviews For Woocommerce