CVE-2023-51692 – WordPress Customer Reviews for WooCommerce Plugin <= 5.38.1 is vulnerable to Broken Access Control
https://notcve.org/view.php?id=CVE-2023-51692
Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1. Vulnerabilidad de autorización faltante en CusRev Customer Reviews for WooCommerce. Este problema afecta a las Reseñas de clientes de WooCommerce: desde n/a hasta 5.38.1. The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple functions in the 'CR_Manual' class versions up to, and including, 5.38.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send manual review reminders. • https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-38-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVE-2023-45101 – Customer Reviews for WooCommerce <= 5.36.0 - Missing Authorization in Reviews Exporter
https://notcve.org/view.php?id=CVE-2023-45101
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the check_progress and cancel_export functions in versions up to, and including, 5.36.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to check the progress of or cancel a reviews export. • CWE-862: Missing Authorization •