CVE-2022-40194 – WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Sensitive Information Disclosure vulnerability

https://notcve.org/view.php?id=CVE-2022-40194

22 Sep 2022 — Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress Una vulnerabilidad de Divulgación de Información Confidencial no Autenticada en el plugin Customer Reviews for WooCommerce versiones anteriores a 5.3.5 incluyéndola en WordPress. The Customer Reviews for WooCommerce plugin contains several AJAX actions that are not protected by capability or nonce checks in versions up to, and including, 5.3.5. This allows authenticated users, such... • https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-sensitive-information-disclosure-vulnerability/_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-285: Improper Authorization •