Ivole Customer Reviews For Woocommerce
11 CVEs affecting Ivole Customer Reviews For Woocommerce. Latest disclosed: 2026-04-16. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-6979 | High | 8.8 | 2024-01-11 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_uploa… |
CVE-2026-1316 | High | 7.2 | 2026-02-12 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'media[].href' parameter in all versions up to… |
CVE-2025-14891 | Medium | 6.4 | 2026-01-07 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'displayName' parameter in all versions up to, a… |
CVE-2025-5720 | Medium | 6.4 | 2025-07-31 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author’ parameter in all versions up to, and in… |
CVE-2026-3355 | Medium | 6.1 | 2026-04-16 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, a… |
CVE-2024-3731 | Medium | 6.1 | 2024-04-19 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and incl… |
CVE-2026-4664 | Medium | 5.3 | 2026-04-10 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.103.0. This is due to… |
CVE-2024-1044 | Medium | 5.3 | 2024-02-20 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_r… |
CVE-2024-10614 | Medium | 4.3 | 2024-11-16 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() functio… |
CVE-2024-3243 | Medium | 4.3 | 2024-04-16 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email(… |
CVE-2024-3869 | Medium | 4.3 | 2024-04-16 | The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_js… |