CVE-2023-51692 – WordPress Customer Reviews for WooCommerce Plugin <= 5.38.1 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2023-51692
Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce. This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1. The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in the 'CR_Manual' class in versions up to, and including, 5.38.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send manual review reminders. • https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-38-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2023-48275 – WordPress Widgets for Google Reviews plugin <= 11.0.2 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2023-48275
Unrestricted Upload of File with Dangerous Type vulnerability in Trustindex.Io Widgets for Google Reviews. This issue affects Widgets for Google Reviews: from n/a through 11.0.2. Multiple plugins for WordPress by Trustindex.io are vulnerable to arbitrary file uploads due to missing file type validation in the ~/tabs/feature_request.php file in various versions. This makes it possible for authenticated attackers, with editor-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible. • https://patchstack.com/database/vulnerability/wp-reviews-plugin-for-google/wordpress-widgets-for-google-reviews-plugin-11-0-2-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2023-45101 – Customer Reviews for WooCommerce <= 5.36.0 - Missing Authorization in Reviews Exporter
https://notcve.org/view.php?id=CVE-2023-45101
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the check_progress and cancel_export functions in versions up to, and including, 5.36.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to check the progress of or cancel a reviews export. • CWE-862: Missing Authorization