CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-10614 – Customer Reviews for WooCommerce <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation
https://notcve.org/view.php?id=CVE-2024-10614
15 Nov 2024 — The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, 5.61.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel and import or check on the status. • https://plugins.trac.wordpress.org/changeset/3188169/customer-reviews-woocommerce/trunk/includes/import-export/class-cr-reviews-importer.php • CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3731 – Customer Reviews for WooCommerce <= 5.47.0 - Reflected Cross-Site Scripting via 's'
https://notcve.org/view.php?id=CVE-2024-3731
18 Apr 2024 — The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. El complemento Customer Reviews for WooCommerce para WordPress es vulnerable a R... • https://plugins.trac.wordpress.org/changeset/3072688/customer-reviews-woocommerce/trunk/includes/reminders/class-cr-reminders-log-table.php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3869 – Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search
https://notcve.org/view.php?id=CVE-2024-3869
15 Apr 2024 — The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . This makes it possible for attackers with subscriber level access to view coupon codes. El complemento Customer Reviews for WooCommerce para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función 'woocommerce_json_search_coupons'. Esto hace posible que los... • https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php#L470 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-3243 – Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
https://notcve.org/view.php?id=CVE-2024-3243
15 Apr 2024 — The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary test emails. El complemento Customer Reviews for WooCommerce para WordPress es vulnerable al envío de correo electrónico no autorizado debido a una falta de verificación de capacidad en ... • https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php#L506 • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1044 – Customer Reviews for WooCommerce <= 5.38.10 - Improper Authorization via submit_review
https://notcve.org/view.php?id=CVE-2024-1044
06 Feb 2024 — The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled. El complemento Customer Reviews for WooCommerce para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta... • https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.38.12&old=3032310&new_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.39.0&new=3032310&sfp_email=&sfph_mail= • CWE-284: Improper Access Control •