CVE-2024-43323 – WordPress ReviewX plugin <= 1.6.28 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43323
16 Aug 2024 — Missing Authorization vulnerability in ReviewX allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects ReviewX: from n/a through 1.6.28. Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ReviewX: from n/a through 1.6.28. The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to invalid rating in all versions up to, and including, 1.6.28. This is... • https://patchstack.com/database/vulnerability/reviewx/wordpress-reviewx-plugin-1-6-28-broken-access-control-vulnerability?_s_id=cve • CWE-20: Improper Input Validation • CWE-862: Missing Authorization •
CVE-2024-3609 – ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.27 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-3609
16 May 2024 — The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments. • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3086273%40reviewx%2Ftrunk&old=3054184%40reviewx%2Ftrunk&sfp_email=&sfph_mail= • CWE-862: Missing Authorization •
CVE-2024-33921 – WordPress ReviewX plugin <= 1.6.21 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-33921
29 Apr 2024 — Broken Access Control vulnerability in ReviewX. This issue affects ReviewX: from n/a through 1.6.21. The ReviewX plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the remote_post() function in versions up to, and including, 1.6.21. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform a post request. • https://patchstack.com/database/vulnerability/reviewx/wordpress-reviewx-plugin-1-6-21-broken-access-control-vulnerability?_s_id=cve • CWE-281: Improper Preservation of Permissions • CWE-862: Missing Authorization •
CVE-2024-29812 – WordPress ReviewX plugin <= 1.6.22 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29812
25 Mar 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS. This issue affects ReviewX: from n/a through 1.6.22. The ReviewX plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.6.2... • https://patchstack.com/database/vulnerability/reviewx/wordpress-reviewx-plugin-1-6-22-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-40670 – WordPress ReviewX plugin <= 1.6.17 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2023-40670
22 Aug 2023 — Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ReviewX: from n/a through 1.6.17. The ReviewX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rx_coupon_from_submit function in versions up to, and including, 1.6.17. This makes it possible for authenticated attackers, with subscriber-level access and above, to update options. • https://patchstack.com/database/wordpress/plugin/reviewx/vulnerability/wordpress-reviewx-plugin-1-6-17-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •