CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43323 – WordPress ReviewX plugin <= 1.6.28 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43323
16 Aug 2024 — Missing Authorization vulnerability in ReviewX allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects ReviewX: from n/a through 1.6.28. Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28. The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to invalid rating in all versions up to, and including, 1.6.28. This is... • https://patchstack.com/database/vulnerability/reviewx/wordpress-reviewx-plugin-1-6-28-broken-access-control-vulnerability?_s_id=cve • CWE-20: Improper Input Validation CWE-862: Missing Authorization •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33921 – WordPress ReviewX plugin <= 1.6.21 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33921
29 Apr 2024 — Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6.21. Vulnerabilidad de control de acceso roto en ReviewX. Este problema afecta a ReviewX: desde n/a hasta 1.6.21. The ReviewX plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the remote_post() function in versions up to, and including, 1.6.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform a post request. • https://patchstack.com/database/vulnerability/reviewx/wordpress-reviewx-plugin-1-6-21-broken-access-control-vulnerability?_s_id=cve • CWE-281: Improper Preservation of Permissions CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29812 – WordPress ReviewX plugin <= 1.6.22 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29812
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS.This issue affects ReviewX: from n/a through 1.6.22. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('Cross-site Scripting') en ReviewX permite XSS almacenado. Este problema afecta a ReviewX: desde n/a hasta 1.6.22. The ReviewX plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.2... • https://patchstack.com/database/vulnerability/reviewx/wordpress-reviewx-plugin-1-6-22-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40670 – WordPress ReviewX plugin <= 1.6.17 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-40670
22 Aug 2023 — Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.17. The ReviewX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rx_coupon_from_submit function in versions up to, and including, 1.6.17. This makes it possible for authenticated attackers, with subscriber-level access and above, to update options. • https://patchstack.com/database/wordpress/plugin/reviewx/vulnerability/wordpress-reviewx-plugin-1-6-17-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 4CVE-2023-2833 – ReviewX <= 1.6.13 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-2833
31 May 2023 — The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update. WordPress ReviewX plugin versions 1.6.13 and below suffer from a privilege escalatio... • https://github.com/Alucard0x1/CVE-2023-2833 • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-46809 – WordPress ReviewX Plugin <= 1.6.7 is vulnerable to CSV Injection
https://notcve.org/view.php?id=CVE-2022-46809
13 Apr 2023 — Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7. Neutralización inadecuada de elementos de fórmula en una vulnerabilidad de CSV File en WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce. Este problema afecta ReviewX – Multi-criteria Rating & Reviews for WooCommerce: desde n/a hasta 1.6... • https://patchstack.com/database/vulnerability/reviewx/wordpress-reviewx-plugin-1-6-6-csv-injection?_s_id=cve • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-26325 – ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.8 - Authenticated (Subscriber+) SQL Injection
https://notcve.org/view.php?id=CVE-2023-26325
23 Feb 2023 — The 'rx_export_review' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters. The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'filterValue' and 'selectedColumns' parameters passed through the 'rx_export_review' AJAX action in versions up to, and including, 1.6.8 due to insufficient escaping on the user supplied parameter and lack of suf... • https://www.tenable.com/security/research/tra-2023-2 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •