Cusrev Customer_reviews_for_woocommerce
13 CVEs affecting Cusrev Customer_reviews_for_woocommerce. Latest disclosed: 2025-01-02. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-6979 | High | 8.8 | 2024-01-11 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_uploa… |
CVE-2023-0080 | High | 8.8 | 2023-02-13 | The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributo… |
CVE-2024-3731 | Medium | 6.1 | 2024-04-19 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and incl… |
CVE-2023-0079 | Medium | 5.4 | 2024-01-16 | The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back i… |
CVE-2024-1044 | Medium | 5.3 | 2024-02-29 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_r… |
CVE-2022-40194 | Medium | 5.3 | 2022-09-23 | Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress |
CVE-2023-45101 | Medium | 4.3 | 2025-01-02 | Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce customer-reviews-woocommerce allows Exploiting Incorrectly Configured Access Con… |
CVE-2024-10614 | Medium | 4.3 | 2024-11-16 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() functio… |
CVE-2024-3869 | Medium | 4.3 | 2024-04-16 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_js… |
CVE-2024-3243 | Medium | 4.3 | 2024-04-16 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email(… |
CVE-2023-51692 | Medium | 4.3 | 2024-02-28 | Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1. |
CVE-2022-38470 | Medium | 4.3 | 2022-09-23 | Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. |
CVE-2022-38134 | Medium | 4.3 | 2022-09-23 | Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. |