Search

Find a vulnerability

Search criteria

    26 vulnerabilities found for customer_reviews_for_woocommerce by cusrev

    CVE-2023-45101 (GCVE-0-2023-45101)

    Vulnerability from nvd – Published: 2025-01-02 11:59 – Updated: 2026-04-29 09:51
    VLAI
    Title
    WordPress Customer Reviews for WooCommerce plugin <= 5.36.0 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce customer-reviews-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through <= 5.36.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    CusRev Customer Reviews for WooCommerce Affected: 0 , ≤ 5.36.0 (custom)
    Create a notification for this product.
    Date Public
    2026-04-22 14:34
    Credits
    Abdi Pranata | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45101",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-06T20:20:36.687900Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-06T20:20:48.158Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "customer-reviews-woocommerce",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "CusRev",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "5.36.1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "5.36.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Abdi Pranata | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-22T14:34:27.270Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce customer-reviews-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Customer Reviews for WooCommerce: from n/a through \u003c= 5.36.0.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce customer-reviews-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through \u003c= 5.36.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-29T09:51:50.080Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/customer-reviews-woocommerce/vulnerability/wordpress-customer-reviews-for-woocommerce-plugin-5-36-0-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Customer Reviews for WooCommerce plugin \u003c= 5.36.0 - Broken Access Control vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-45101",
        "datePublished": "2025-01-02T11:59:49.130Z",
        "dateReserved": "2023-10-04T14:11:49.847Z",
        "dateUpdated": "2026-04-29T09:51:50.080Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-10614 (GCVE-0-2024-10614)

    Vulnerability from nvd – Published: 2024-11-16 05:39 – Updated: 2026-04-08 17:29
    VLAI
    Title
    Customer Reviews for WooCommerce <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation
    Summary
    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, 5.61.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel and import or check on the status.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    ivole Customer Reviews for WooCommerce Affected: 0 , ≤ 5.61.0 (semver)
    Create a notification for this product.
    Credits
    tptNhan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10614",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-16T15:08:29.539582Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-16T15:08:46.889Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "ivole",
              "versions": [
                {
                  "lessThanOrEqual": "5.61.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "tptNhan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, 5.61.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel and import or check on the status."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:29:12.112Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e27224aa-56c4-49ab-b9b3-b431b38e126e?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3188169/customer-reviews-woocommerce/trunk/includes/import-export/class-cr-reviews-importer.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-11-15T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Customer Reviews for WooCommerce \u003c= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-10614",
        "datePublished": "2024-11-16T05:39:34.403Z",
        "dateReserved": "2024-10-31T15:48:02.619Z",
        "dateUpdated": "2026-04-08T17:29:12.112Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3731 (GCVE-0-2024-3731)

    Vulnerability from nvd – Published: 2024-04-19 02:34 – Updated: 2026-04-08 17:20
    VLAI
    Title
    Customer Reviews for WooCommerce <= 5.47.0 - Reflected Cross-Site Scripting via 's'
    Summary
    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    ivole Customer Reviews for WooCommerce Affected: 0 , ≤ 5.47.0 (semver)
    Create a notification for this product.
    wordpress customer_reviews_for_woocommerce Affected: - , ≤ 5.47.0 (custom)
        cpe:2.3:a:wordpress:customer_reviews_for_woocommerce:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Krzysztof Zając
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wordpress:customer_reviews_for_woocommerce:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "customer_reviews_for_woocommerce",
                "vendor": "wordpress",
                "versions": [
                  {
                    "lessThanOrEqual": "5.47.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3731",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T19:23:31.854110Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:33:13.934Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:20:01.124Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c3489038-2833-4080-b802-5733afab5de8?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3072688/customer-reviews-woocommerce/trunk/includes/reminders/class-cr-reminders-log-table.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "ivole",
              "versions": [
                {
                  "lessThanOrEqual": "5.47.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Krzysztof Zaj\u0105c"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u0027s\u0027 parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:20:22.408Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c3489038-2833-4080-b802-5733afab5de8?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3072688/customer-reviews-woocommerce/trunk/includes/reminders/class-cr-reminders-log-table.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-18T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Customer Reviews for WooCommerce \u003c= 5.47.0 - Reflected Cross-Site Scripting via \u0027s\u0027"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-3731",
        "datePublished": "2024-04-19T02:34:43.754Z",
        "dateReserved": "2024-04-12T18:34:38.001Z",
        "dateUpdated": "2026-04-08T17:20:22.408Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3869 (GCVE-0-2024-3869)

    Vulnerability from nvd – Published: 2024-04-16 12:51 – Updated: 2026-04-08 17:05
    VLAI
    Title
    Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search
    Summary
    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . This makes it possible for attackers with subscriber level access to view coupon codes.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    ivole Customer Reviews for WooCommerce Affected: 0 , ≤ 5.46.0 (semver)
    Create a notification for this product.
    Credits
    Thura Moe Myint
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3869",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-26T15:26:39.659043Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-26T15:26:51.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:26:57.163Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/881e8096-e75f-49a7-87ed-c230e93ea378?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php#L470"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3069811/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "ivole",
              "versions": [
                {
                  "lessThanOrEqual": "5.46.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thura Moe Myint"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the \u0027woocommerce_json_search_coupons\u0027 function . This makes it possible for attackers with subscriber level access to view coupon codes."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:05:14.241Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/881e8096-e75f-49a7-87ed-c230e93ea378?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php#L470"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3069811/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-15T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Customer Reviews for WooCommerce \u003c= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-3869",
        "datePublished": "2024-04-16T12:51:46.310Z",
        "dateReserved": "2024-04-16T00:15:13.946Z",
        "dateUpdated": "2026-04-08T17:05:14.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3243 (GCVE-0-2024-3243)

    Vulnerability from nvd – Published: 2024-04-16 12:51 – Updated: 2026-04-08 17:12
    VLAI
    Title
    Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
    Summary
    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary test emails.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    ivole Customer Reviews for WooCommerce Affected: 0 , ≤ 5.46.0 (semver)
    Create a notification for this product.
    ivole customer_reviews_for_woocommerce Affected: 0 , ≤ 5.46.0 (semver)
        cpe:2.3:a:ivole:customer_reviews_for_woocommerce:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Thura Moe Myint
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ivole:customer_reviews_for_woocommerce:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "customer_reviews_for_woocommerce",
                "vendor": "ivole",
                "versions": [
                  {
                    "lessThanOrEqual": "5.46.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3243",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-10T15:42:13.321617Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T17:21:43.540Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:05:08.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0e80e63-f4f7-44cc-ae29-72e7847d7448?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php#L506"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3069811/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "ivole",
              "versions": [
                {
                  "lessThanOrEqual": "5.46.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thura Moe Myint"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary test emails."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:12:18.505Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0e80e63-f4f7-44cc-ae29-72e7847d7448?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php#L506"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3069811/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-15T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Customer Reviews for WooCommerce \u003c= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-3243",
        "datePublished": "2024-04-16T12:51:46.885Z",
        "dateReserved": "2024-04-02T20:48:20.321Z",
        "dateUpdated": "2026-04-08T17:12:18.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1044 (GCVE-0-2024-1044)

    Vulnerability from nvd – Published: 2024-02-20 18:56 – Updated: 2026-04-08 16:49
    VLAI
    Title
    Customer Reviews for WooCommerce <= 5.38.10 - Improper Authorization via submit_review
    Summary
    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    ivole Customer Reviews for WooCommerce Affected: 0 , ≤ 5.38.12 (semver)
    Create a notification for this product.
    cusrev customer_reviews_for_woocommerce Affected: 0 , ≤ 5.38.12 (semver)
        cpe:2.3:a:cusrev:customer_reviews_for_woocommerce:*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Francesco Carlucci
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:26:30.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4420c334-1ea4-4549-b391-150702abc2f8?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.38.12\u0026old=3032310\u0026new_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.39.0\u0026new=3032310\u0026sfp_email=\u0026sfph_mail="
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cusrev:customer_reviews_for_woocommerce:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "customer_reviews_for_woocommerce",
                "vendor": "cusrev",
                "versions": [
                  {
                    "lessThanOrEqual": "5.38.12",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1044",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-29T18:59:54.295316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-11T13:29:43.855Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "ivole",
              "versions": [
                {
                  "lessThanOrEqual": "5.38.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Francesco Carlucci"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027submit_review\u0027 function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:49:17.190Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4420c334-1ea4-4549-b391-150702abc2f8?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.38.12\u0026old=3032310\u0026new_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.39.0\u0026new=3032310\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-02-06T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Customer Reviews for WooCommerce \u003c= 5.38.10 - Improper Authorization via submit_review"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-1044",
        "datePublished": "2024-02-20T18:56:28.134Z",
        "dateReserved": "2024-01-29T17:29:42.510Z",
        "dateUpdated": "2026-04-08T16:49:17.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-51692 (GCVE-0-2023-51692)

    Vulnerability from nvd – Published: 2024-02-28 18:49 – Updated: 2026-04-28 16:09
    VLAI
    Title
    WordPress Customer Reviews for WooCommerce Plugin <= 5.38.1 is vulnerable to Broken Access Control
    Summary
    Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    CusRev Customer Reviews for WooCommerce Affected: n/a , ≤ 5.38.1 (custom)
    Create a notification for this product.
    Credits
    Abdi Pranata (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-51692",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-28T20:15:44.614708Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:22:04.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:40:34.165Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-38-1-broken-access-control-vulnerability?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "customer-reviews-woocommerce",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "CusRev",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "5.38.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "5.38.1",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Abdi Pranata (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.\u003cp\u003eThis issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:09:04.783Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-38-1-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to\u00a05.38.2 or a higher version."
                }
              ],
              "value": "Update to\u00a05.38.2 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Customer Reviews for WooCommerce Plugin \u003c= 5.38.1 is vulnerable to Broken Access Control",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-51692",
        "datePublished": "2024-02-28T18:49:02.498Z",
        "dateReserved": "2023-12-21T18:32:24.434Z",
        "dateUpdated": "2026-04-28T16:09:04.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-0079 (GCVE-0-2023-0079)

    Vulnerability from nvd – Published: 2024-01-16 15:54 – Updated: 2025-06-02 15:10
    VLAI
    Title
    Customer Reviews for WooCommerce < 5.17.0 - Contributor+ Stored XSS
    Summary
    The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/fdaba4d1-950d-45… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Customer Reviews for WooCommerce Affected: 0 , < 5.17.0 (semver)
    Create a notification for this product.
    Credits
    Lana Codes WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:54:32.839Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/fdaba4d1-950d-4512-95de-cd43fe9e73e5/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0079",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-09T23:37:57.752175Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-02T15:10:16.362Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "5.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lana Codes"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-16T15:54:58.622Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/fdaba4d1-950d-4512-95de-cd43fe9e73e5/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Customer Reviews for WooCommerce \u003c 5.17.0 - Contributor+ Stored XSS",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-0079",
        "datePublished": "2024-01-16T15:54:58.622Z",
        "dateReserved": "2023-01-05T08:26:53.723Z",
        "dateUpdated": "2025-06-02T15:10:16.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-6979 (GCVE-0-2023-6979)

    Vulnerability from nvd – Published: 2024-01-11 08:32 – Updated: 2026-04-08 16:50
    VLAI
    Title
    Customer Reviews for WooCommerce <= 5.38.9 - Authenticated (Author+) Arbitrary File Upload
    Summary
    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    ivole Customer Reviews for WooCommerce Affected: 0 , ≤ 5.38.9 (semver)
    Create a notification for this product.
    Credits
    Artem Guzhva
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:50:06.907Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4af801db-44a6-4cd3-bd1a-3125490c8c48?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/import-export/class-cr-reviews-importer.php#L35"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://drive.proton.me/urls/K4R2HDQBS0#iuTPm3NqZEdz"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3018507%40customer-reviews-woocommerce\u0026new=3018507%40customer-reviews-woocommerce\u0026sfp_email=\u0026sfph_mail="
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3016708%40customer-reviews-woocommerce\u0026new=3016708%40customer-reviews-woocommerce\u0026sfp_email=\u0026sfph_mail="
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6979",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-17T19:09:49.881438Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-14T15:52:34.768Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "ivole",
              "versions": [
                {
                  "lessThanOrEqual": "5.38.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Artem Guzhva"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:50:51.354Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4af801db-44a6-4cd3-bd1a-3125490c8c48?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/import-export/class-cr-reviews-importer.php#L35"
            },
            {
              "url": "https://drive.proton.me/urls/K4R2HDQBS0#iuTPm3NqZEdz"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3018507%40customer-reviews-woocommerce\u0026new=3018507%40customer-reviews-woocommerce\u0026sfp_email=\u0026sfph_mail="
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3016708%40customer-reviews-woocommerce\u0026new=3016708%40customer-reviews-woocommerce\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-09T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Customer Reviews for WooCommerce \u003c= 5.38.9 - Authenticated (Author+) Arbitrary File Upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-6979",
        "datePublished": "2024-01-11T08:32:34.291Z",
        "dateReserved": "2023-12-20T07:34:22.067Z",
        "dateUpdated": "2026-04-08T16:50:51.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-0080 (GCVE-0-2023-0080)

    Vulnerability from nvd – Published: 2023-02-13 14:32 – Updated: 2025-03-21 15:24
    VLAI
    Title
    Customer Reviews for WooCommerce < 5.16.0 - Contributor+ LFI
    Summary
    The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. RCE could also be achieved if the attacker manage to upload a malicious image containing PHP code, and then include it via the affected attribute, on a default WP install, authors could easily achieve that given that they have the upload_file capability.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/6b0d63ed-e244-4f… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Customer Reviews for WooCommerce Affected: 0 , < 5.16.0 (custom)
    Create a notification for this product.
    Credits
    Lana Codes WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:54:32.585Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/6b0d63ed-e244-4f20-8f10-a6e0c7ccadd4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0080",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-21T15:23:47.489292Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-21T15:24:17.363Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "5.16.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lana Codes"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. RCE could also be achieved if the attacker manage to upload a malicious image containing PHP code, and then include it via the affected attribute, on a default WP install, authors could easily achieve that given that they have the upload_file capability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-13T14:32:22.189Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/6b0d63ed-e244-4f20-8f10-a6e0c7ccadd4"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Customer Reviews for WooCommerce \u003c 5.16.0 - Contributor+ LFI",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-0080",
        "datePublished": "2023-02-13T14:32:22.189Z",
        "dateReserved": "2023-01-05T08:30:50.719Z",
        "dateUpdated": "2025-03-21T15:24:17.363Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-40194 (GCVE-0-2022-40194)

    Vulnerability from nvd – Published: 2022-09-23 15:05 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Sensitive Information Disclosure vulnerability
    Summary
    Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-09-22 00:00
    Credits
    Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:14:39.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-sensitive-information-disclosure-vulnerability/_s_id=cve"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-40194",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:15:19.981106Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:02:14.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Customer Reviews for WooCommerce (WordPress plugin)",
              "vendor": "CusRev",
              "versions": [
                {
                  "lessThanOrEqual": "5.3.5",
                  "status": "affected",
                  "version": "\u003c= 5.3.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
            }
          ],
          "datePublic": "2022-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin \u003c= 5.3.5 at WordPress"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:47.565Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-sensitive-information-disclosure-vulnerability/_s_id=cve"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 5.3.6 or higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Customer Reviews for WooCommerce plugin \u003c= 5.3.5 - Sensitive Information Disclosure vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-09-22T12:01:00.000Z",
              "ID": "CVE-2022-40194",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Customer Reviews for WooCommerce plugin \u003c= 5.3.5 - Sensitive Information Disclosure vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Customer Reviews for WooCommerce (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 5.3.5",
                                "version_value": "5.3.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CusRev"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin \u003c= 5.3.5 at WordPress"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-sensitive-information-disclosure-vulnerability/_s_id=cve",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-sensitive-information-disclosure-vulnerability/_s_id=cve"
                },
                {
                  "name": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 5.3.6 or higher version."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-40194",
        "datePublished": "2022-09-23T15:05:35.492Z",
        "dateReserved": "2022-09-08T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:47.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-38470 (GCVE-0-2022-38470)

    Vulnerability from nvd – Published: 2022-09-23 15:08 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Date Public
    2022-09-22 00:00
    Credits
    Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:54:03.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38470",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:23:31.199264Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:01:35.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Customer Reviews for WooCommerce (WordPress plugin)",
              "vendor": "CusRev",
              "versions": [
                {
                  "lessThanOrEqual": "5.3.5",
                  "status": "affected",
                  "version": "\u003c= 5.3.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
            }
          ],
          "datePublic": "2022-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin \u003c= 5.3.5 at WordPress."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:47.347Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 5.3.6 or higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Customer Reviews for WooCommerce plugin \u003c= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-09-22T12:23:00.000Z",
              "ID": "CVE-2022-38470",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Customer Reviews for WooCommerce plugin \u003c= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Customer Reviews for WooCommerce (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 5.3.5",
                                "version_value": "5.3.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CusRev"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin \u003c= 5.3.5 at WordPress."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-cross-site-request-forgery-csrf-vulnerability/_s_id=cve",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 5.3.6 or higher version."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-38470",
        "datePublished": "2022-09-23T15:08:22.696Z",
        "dateReserved": "2022-09-08T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:47.347Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-38134 (GCVE-0-2022-38134)

    Vulnerability from nvd – Published: 2022-09-23 15:14 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Authenticated Broken Access Control vulnerability
    Summary
    Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-264 - Permissions, Privileges, and Access Controls
    Assigner
    References
    Impacted products
    Date Public
    2022-09-22 00:00
    Credits
    Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:45:52.624Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-authenticated-broken-access-control-vulnerability/_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:23:28.303512Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:01:28.267Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Customer Reviews for WooCommerce (WordPress plugin)",
              "vendor": "CusRev",
              "versions": [
                {
                  "lessThanOrEqual": "5.3.5",
                  "status": "affected",
                  "version": "\u003c= 5.3.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
            }
          ],
          "datePublic": "2022-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin \u003c= 5.3.5 at WordPress."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, and Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:47.079Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-authenticated-broken-access-control-vulnerability/_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 5.3.6 or higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Customer Reviews for WooCommerce plugin \u003c= 5.3.5 - Authenticated Broken Access Control vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-09-22T12:48:00.000Z",
              "ID": "CVE-2022-38134",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Customer Reviews for WooCommerce plugin \u003c= 5.3.5 - Authenticated Broken Access Control vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Customer Reviews for WooCommerce (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 5.3.5",
                                "version_value": "5.3.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CusRev"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin \u003c= 5.3.5 at WordPress."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-264 Permissions, Privileges, and Access Controls"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-authenticated-broken-access-control-vulnerability/_s_id=cve",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-authenticated-broken-access-control-vulnerability/_s_id=cve"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 5.3.6 or higher version."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-38134",
        "datePublished": "2022-09-23T15:14:40.358Z",
        "dateReserved": "2022-09-08T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:47.079Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-45101 (GCVE-0-2023-45101)

    Vulnerability from cvelistv5 – Published: 2025-01-02 11:59 – Updated: 2026-04-29 09:51
    VLAI
    Title
    WordPress Customer Reviews for WooCommerce plugin <= 5.36.0 - Broken Access Control vulnerability
    Summary
    Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce customer-reviews-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through <= 5.36.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    CusRev Customer Reviews for WooCommerce Affected: 0 , ≤ 5.36.0 (custom)
    Create a notification for this product.
    Date Public
    2026-04-22 14:34
    Credits
    Abdi Pranata | Patchstack Bug Bounty Program
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-45101",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-06T20:20:36.687900Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-01-06T20:20:48.158Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "customer-reviews-woocommerce",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "CusRev",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "5.36.1",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "5.36.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Abdi Pranata | Patchstack Bug Bounty Program"
            }
          ],
          "datePublic": "2026-04-22T14:34:27.270Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce customer-reviews-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.\u003cp\u003eThis issue affects Customer Reviews for WooCommerce: from n/a through \u003c= 5.36.0.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce customer-reviews-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through \u003c= 5.36.0."
            }
          ],
          "impacts": [
            {
              "capecId": "CAPEC-180",
              "descriptions": [
                {
                  "lang": "en",
                  "value": "Exploiting Incorrectly Configured Access Control Security Levels"
                }
              ]
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-29T09:51:50.080Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/Wordpress/Plugin/customer-reviews-woocommerce/vulnerability/wordpress-customer-reviews-for-woocommerce-plugin-5-36-0-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "title": "WordPress Customer Reviews for WooCommerce plugin \u003c= 5.36.0 - Broken Access Control vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-45101",
        "datePublished": "2025-01-02T11:59:49.130Z",
        "dateReserved": "2023-10-04T14:11:49.847Z",
        "dateUpdated": "2026-04-29T09:51:50.080Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-10614 (GCVE-0-2024-10614)

    Vulnerability from cvelistv5 – Published: 2024-11-16 05:39 – Updated: 2026-04-08 17:29
    VLAI
    Title
    Customer Reviews for WooCommerce <= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation
    Summary
    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, 5.61.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel and import or check on the status.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    ivole Customer Reviews for WooCommerce Affected: 0 , ≤ 5.61.0 (semver)
    Create a notification for this product.
    Credits
    tptNhan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-10614",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-11-16T15:08:29.539582Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-16T15:08:46.889Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "ivole",
              "versions": [
                {
                  "lessThanOrEqual": "5.61.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "tptNhan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, 5.61.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to cancel and import or check on the status."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:29:12.112Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e27224aa-56c4-49ab-b9b3-b431b38e126e?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3188169/customer-reviews-woocommerce/trunk/includes/import-export/class-cr-reviews-importer.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-11-15T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Customer Reviews for WooCommerce \u003c= 5.61.0 - Missing Authorization to Authenticated (Subscriber+) Import Cancellation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-10614",
        "datePublished": "2024-11-16T05:39:34.403Z",
        "dateReserved": "2024-10-31T15:48:02.619Z",
        "dateUpdated": "2026-04-08T17:29:12.112Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3731 (GCVE-0-2024-3731)

    Vulnerability from cvelistv5 – Published: 2024-04-19 02:34 – Updated: 2026-04-08 17:20
    VLAI
    Title
    Customer Reviews for WooCommerce <= 5.47.0 - Reflected Cross-Site Scripting via 's'
    Summary
    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Vendor Product Version
    ivole Customer Reviews for WooCommerce Affected: 0 , ≤ 5.47.0 (semver)
    Create a notification for this product.
    wordpress customer_reviews_for_woocommerce Affected: - , ≤ 5.47.0 (custom)
        cpe:2.3:a:wordpress:customer_reviews_for_woocommerce:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Krzysztof Zając
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wordpress:customer_reviews_for_woocommerce:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "customer_reviews_for_woocommerce",
                "vendor": "wordpress",
                "versions": [
                  {
                    "lessThanOrEqual": "5.47.0",
                    "status": "affected",
                    "version": "-",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3731",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-01T19:23:31.854110Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:33:13.934Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:20:01.124Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c3489038-2833-4080-b802-5733afab5de8?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3072688/customer-reviews-woocommerce/trunk/includes/reminders/class-cr-reminders-log-table.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "ivole",
              "versions": [
                {
                  "lessThanOrEqual": "5.47.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Krzysztof Zaj\u0105c"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u0027s\u0027 parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:20:22.408Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c3489038-2833-4080-b802-5733afab5de8?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3072688/customer-reviews-woocommerce/trunk/includes/reminders/class-cr-reminders-log-table.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-18T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Customer Reviews for WooCommerce \u003c= 5.47.0 - Reflected Cross-Site Scripting via \u0027s\u0027"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-3731",
        "datePublished": "2024-04-19T02:34:43.754Z",
        "dateReserved": "2024-04-12T18:34:38.001Z",
        "dateUpdated": "2026-04-08T17:20:22.408Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3243 (GCVE-0-2024-3243)

    Vulnerability from cvelistv5 – Published: 2024-04-16 12:51 – Updated: 2026-04-08 17:12
    VLAI
    Title
    Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
    Summary
    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary test emails.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    ivole Customer Reviews for WooCommerce Affected: 0 , ≤ 5.46.0 (semver)
    Create a notification for this product.
    ivole customer_reviews_for_woocommerce Affected: 0 , ≤ 5.46.0 (semver)
        cpe:2.3:a:ivole:customer_reviews_for_woocommerce:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Thura Moe Myint
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:ivole:customer_reviews_for_woocommerce:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "customer_reviews_for_woocommerce",
                "vendor": "ivole",
                "versions": [
                  {
                    "lessThanOrEqual": "5.46.0",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3243",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-10T15:42:13.321617Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-06T17:21:43.540Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:05:08.342Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0e80e63-f4f7-44cc-ae29-72e7847d7448?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php#L506"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3069811/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "ivole",
              "versions": [
                {
                  "lessThanOrEqual": "5.46.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thura Moe Myint"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary test emails."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:12:18.505Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0e80e63-f4f7-44cc-ae29-72e7847d7448?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php#L506"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3069811/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-15T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Customer Reviews for WooCommerce \u003c= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-3243",
        "datePublished": "2024-04-16T12:51:46.885Z",
        "dateReserved": "2024-04-02T20:48:20.321Z",
        "dateUpdated": "2026-04-08T17:12:18.505Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-3869 (GCVE-0-2024-3869)

    Vulnerability from cvelistv5 – Published: 2024-04-16 12:51 – Updated: 2026-04-08 17:05
    VLAI
    Title
    Customer Reviews for WooCommerce <= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search
    Summary
    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . This makes it possible for attackers with subscriber level access to view coupon codes.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    ivole Customer Reviews for WooCommerce Affected: 0 , ≤ 5.46.0 (semver)
    Create a notification for this product.
    Credits
    Thura Moe Myint
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3869",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-26T15:26:39.659043Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-26T15:26:51.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:26:57.163Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/881e8096-e75f-49a7-87ed-c230e93ea378?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php#L470"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/3069811/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "ivole",
              "versions": [
                {
                  "lessThanOrEqual": "5.46.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Thura Moe Myint"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the \u0027woocommerce_json_search_coupons\u0027 function . This makes it possible for attackers with subscriber level access to view coupon codes."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:05:14.241Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/881e8096-e75f-49a7-87ed-c230e93ea378?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php#L470"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/3069811/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-04-15T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Customer Reviews for WooCommerce \u003c= 5.46.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-3869",
        "datePublished": "2024-04-16T12:51:46.310Z",
        "dateReserved": "2024-04-16T00:15:13.946Z",
        "dateUpdated": "2026-04-08T17:05:14.241Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-51692 (GCVE-0-2023-51692)

    Vulnerability from cvelistv5 – Published: 2024-02-28 18:49 – Updated: 2026-04-28 16:09
    VLAI
    Title
    WordPress Customer Reviews for WooCommerce Plugin <= 5.38.1 is vulnerable to Broken Access Control
    Summary
    Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    CusRev Customer Reviews for WooCommerce Affected: n/a , ≤ 5.38.1 (custom)
    Create a notification for this product.
    Credits
    Abdi Pranata (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-51692",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-28T20:15:44.614708Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-05T17:22:04.550Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:40:34.165Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-38-1-broken-access-control-vulnerability?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "customer-reviews-woocommerce",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "CusRev",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "5.38.2",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "5.38.1",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Abdi Pranata (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.\u003cp\u003eThis issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1.\u003c/p\u003e"
                }
              ],
              "value": "Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:09:04.783Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-38-1-broken-access-control-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to\u00a05.38.2 or a higher version."
                }
              ],
              "value": "Update to\u00a05.38.2 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Customer Reviews for WooCommerce Plugin \u003c= 5.38.1 is vulnerable to Broken Access Control",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-51692",
        "datePublished": "2024-02-28T18:49:02.498Z",
        "dateReserved": "2023-12-21T18:32:24.434Z",
        "dateUpdated": "2026-04-28T16:09:04.783Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1044 (GCVE-0-2024-1044)

    Vulnerability from cvelistv5 – Published: 2024-02-20 18:56 – Updated: 2026-04-08 16:49
    VLAI
    Title
    Customer Reviews for WooCommerce <= 5.38.10 - Improper Authorization via submit_review
    Summary
    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    ivole Customer Reviews for WooCommerce Affected: 0 , ≤ 5.38.12 (semver)
    Create a notification for this product.
    cusrev customer_reviews_for_woocommerce Affected: 0 , ≤ 5.38.12 (semver)
        cpe:2.3:a:cusrev:customer_reviews_for_woocommerce:*:*:*:*:*:wordpress:*:*
    Create a notification for this product.
    Credits
    Francesco Carlucci
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:26:30.413Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4420c334-1ea4-4549-b391-150702abc2f8?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.38.12\u0026old=3032310\u0026new_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.39.0\u0026new=3032310\u0026sfp_email=\u0026sfph_mail="
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:cusrev:customer_reviews_for_woocommerce:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "customer_reviews_for_woocommerce",
                "vendor": "cusrev",
                "versions": [
                  {
                    "lessThanOrEqual": "5.38.12",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1044",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-29T18:59:54.295316Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-11T13:29:43.855Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "ivole",
              "versions": [
                {
                  "lessThanOrEqual": "5.38.12",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Francesco Carlucci"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the \u0027submit_review\u0027 function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:49:17.190Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4420c334-1ea4-4549-b391-150702abc2f8?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.38.12\u0026old=3032310\u0026new_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.39.0\u0026new=3032310\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-02-06T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Customer Reviews for WooCommerce \u003c= 5.38.10 - Improper Authorization via submit_review"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-1044",
        "datePublished": "2024-02-20T18:56:28.134Z",
        "dateReserved": "2024-01-29T17:29:42.510Z",
        "dateUpdated": "2026-04-08T16:49:17.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-0079 (GCVE-0-2023-0079)

    Vulnerability from cvelistv5 – Published: 2024-01-16 15:54 – Updated: 2025-06-02 15:10
    VLAI
    Title
    Customer Reviews for WooCommerce < 5.17.0 - Contributor+ Stored XSS
    Summary
    The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/fdaba4d1-950d-45… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Customer Reviews for WooCommerce Affected: 0 , < 5.17.0 (semver)
    Create a notification for this product.
    Credits
    Lana Codes WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:54:32.839Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/fdaba4d1-950d-4512-95de-cd43fe9e73e5/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 5.4,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "LOW",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0079",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-09T23:37:57.752175Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-02T15:10:16.362Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "5.17.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lana Codes"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-79 Cross-Site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-16T15:54:58.622Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/fdaba4d1-950d-4512-95de-cd43fe9e73e5/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Customer Reviews for WooCommerce \u003c 5.17.0 - Contributor+ Stored XSS",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-0079",
        "datePublished": "2024-01-16T15:54:58.622Z",
        "dateReserved": "2023-01-05T08:26:53.723Z",
        "dateUpdated": "2025-06-02T15:10:16.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-6979 (GCVE-0-2023-6979)

    Vulnerability from cvelistv5 – Published: 2024-01-11 08:32 – Updated: 2026-04-08 16:50
    VLAI
    Title
    Customer Reviews for WooCommerce <= 5.38.9 - Authenticated (Author+) Arbitrary File Upload
    Summary
    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-434 - Unrestricted Upload of File with Dangerous Type
    Assigner
    Impacted products
    Vendor Product Version
    ivole Customer Reviews for WooCommerce Affected: 0 , ≤ 5.38.9 (semver)
    Create a notification for this product.
    Credits
    Artem Guzhva
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T08:50:06.907Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4af801db-44a6-4cd3-bd1a-3125490c8c48?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/import-export/class-cr-reviews-importer.php#L35"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://drive.proton.me/urls/K4R2HDQBS0#iuTPm3NqZEdz"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3018507%40customer-reviews-woocommerce\u0026new=3018507%40customer-reviews-woocommerce\u0026sfp_email=\u0026sfph_mail="
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3016708%40customer-reviews-woocommerce\u0026new=3016708%40customer-reviews-woocommerce\u0026sfp_email=\u0026sfph_mail="
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-6979",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-17T19:09:49.881438Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-11-14T15:52:34.768Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "ivole",
              "versions": [
                {
                  "lessThanOrEqual": "5.38.9",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Artem Guzhva"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for authenticated attackers, with author-level access and above, to upload arbitrary files on the affected site\u0027s server which may make remote code execution possible."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:50:51.354Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4af801db-44a6-4cd3-bd1a-3125490c8c48?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/import-export/class-cr-reviews-importer.php#L35"
            },
            {
              "url": "https://drive.proton.me/urls/K4R2HDQBS0#iuTPm3NqZEdz"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3018507%40customer-reviews-woocommerce\u0026new=3018507%40customer-reviews-woocommerce\u0026sfp_email=\u0026sfph_mail="
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3016708%40customer-reviews-woocommerce\u0026new=3016708%40customer-reviews-woocommerce\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-09T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Customer Reviews for WooCommerce \u003c= 5.38.9 - Authenticated (Author+) Arbitrary File Upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2023-6979",
        "datePublished": "2024-01-11T08:32:34.291Z",
        "dateReserved": "2023-12-20T07:34:22.067Z",
        "dateUpdated": "2026-04-08T16:50:51.354Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-0080 (GCVE-0-2023-0080)

    Vulnerability from cvelistv5 – Published: 2023-02-13 14:32 – Updated: 2025-03-21 15:24
    VLAI
    Title
    Customer Reviews for WooCommerce < 5.16.0 - Contributor+ LFI
    Summary
    The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. RCE could also be achieved if the attacker manage to upload a malicious image containing PHP code, and then include it via the affected attribute, on a default WP install, authors could easily achieve that given that they have the upload_file capability.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/6b0d63ed-e244-4f… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown Customer Reviews for WooCommerce Affected: 0 , < 5.16.0 (custom)
    Create a notification for this product.
    Credits
    Lana Codes WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:54:32.585Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/6b0d63ed-e244-4f20-8f10-a6e0c7ccadd4"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-0080",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-21T15:23:47.489292Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-21T15:24:17.363Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "product": "Customer Reviews for WooCommerce",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "5.16.0",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lana Codes"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. RCE could also be achieved if the attacker manage to upload a malicious image containing PHP code, and then include it via the affected attribute, on a default WP install, authors could easily achieve that given that they have the upload_file capability."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-13T14:32:22.189Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/6b0d63ed-e244-4f20-8f10-a6e0c7ccadd4"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "Customer Reviews for WooCommerce \u003c 5.16.0 - Contributor+ LFI",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2023-0080",
        "datePublished": "2023-02-13T14:32:22.189Z",
        "dateReserved": "2023-01-05T08:30:50.719Z",
        "dateUpdated": "2025-03-21T15:24:17.363Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-38134 (GCVE-0-2022-38134)

    Vulnerability from cvelistv5 – Published: 2022-09-23 15:14 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Authenticated Broken Access Control vulnerability
    Summary
    Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-264 - Permissions, Privileges, and Access Controls
    Assigner
    References
    Impacted products
    Date Public
    2022-09-22 00:00
    Credits
    Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:45:52.624Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-authenticated-broken-access-control-vulnerability/_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38134",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:23:28.303512Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:01:28.267Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Customer Reviews for WooCommerce (WordPress plugin)",
              "vendor": "CusRev",
              "versions": [
                {
                  "lessThanOrEqual": "5.3.5",
                  "status": "affected",
                  "version": "\u003c= 5.3.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
            }
          ],
          "datePublic": "2022-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin \u003c= 5.3.5 at WordPress."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-264",
                  "description": "CWE-264 Permissions, Privileges, and Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:47.079Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-authenticated-broken-access-control-vulnerability/_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 5.3.6 or higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Customer Reviews for WooCommerce plugin \u003c= 5.3.5 - Authenticated Broken Access Control vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-09-22T12:48:00.000Z",
              "ID": "CVE-2022-38134",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Customer Reviews for WooCommerce plugin \u003c= 5.3.5 - Authenticated Broken Access Control vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Customer Reviews for WooCommerce (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 5.3.5",
                                "version_value": "5.3.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CusRev"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin \u003c= 5.3.5 at WordPress."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-264 Permissions, Privileges, and Access Controls"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-authenticated-broken-access-control-vulnerability/_s_id=cve",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-authenticated-broken-access-control-vulnerability/_s_id=cve"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 5.3.6 or higher version."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-38134",
        "datePublished": "2022-09-23T15:14:40.358Z",
        "dateReserved": "2022-09-08T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:47.079Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-38470 (GCVE-0-2022-38470)

    Vulnerability from cvelistv5 – Published: 2022-09-23 15:08 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Impacted products
    Date Public
    2022-09-22 00:00
    Credits
    Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T10:54:03.675Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-38470",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:23:31.199264Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:01:35.709Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Customer Reviews for WooCommerce (WordPress plugin)",
              "vendor": "CusRev",
              "versions": [
                {
                  "lessThanOrEqual": "5.3.5",
                  "status": "affected",
                  "version": "\u003c= 5.3.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
            }
          ],
          "datePublic": "2022-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin \u003c= 5.3.5 at WordPress."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:47.347Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 5.3.6 or higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Customer Reviews for WooCommerce plugin \u003c= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-09-22T12:23:00.000Z",
              "ID": "CVE-2022-38470",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Customer Reviews for WooCommerce plugin \u003c= 5.3.5 - Cross-Site Request Forgery (CSRF) vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Customer Reviews for WooCommerce (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 5.3.5",
                                "version_value": "5.3.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CusRev"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin \u003c= 5.3.5 at WordPress."
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-352 Cross-Site Request Forgery (CSRF)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
                },
                {
                  "name": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-cross-site-request-forgery-csrf-vulnerability/_s_id=cve",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-cross-site-request-forgery-csrf-vulnerability/_s_id=cve"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 5.3.6 or higher version."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-38470",
        "datePublished": "2022-09-23T15:08:22.696Z",
        "dateReserved": "2022-09-08T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:47.347Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2022-40194 (GCVE-0-2022-40194)

    Vulnerability from cvelistv5 – Published: 2022-09-23 15:05 – Updated: 2026-04-28 16:07
    VLAI
    Title
    WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Sensitive Information Disclosure vulnerability
    Summary
    Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Date Public
    2022-09-22 00:00
    Credits
    Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T12:14:39.974Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-sensitive-information-disclosure-vulnerability/_s_id=cve"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2022-40194",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-20T19:15:19.981106Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-20T20:02:14.666Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Customer Reviews for WooCommerce (WordPress plugin)",
              "vendor": "CusRev",
              "versions": [
                {
                  "lessThanOrEqual": "5.3.5",
                  "status": "affected",
                  "version": "\u003c= 5.3.5",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
            }
          ],
          "datePublic": "2022-09-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin \u003c= 5.3.5 at WordPress"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200 Information Exposure",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:07:47.565Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-sensitive-information-disclosure-vulnerability/_s_id=cve"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Update to 5.3.6 or higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Customer Reviews for WooCommerce plugin \u003c= 5.3.5 - Sensitive Information Disclosure vulnerability",
          "x_generator": {
            "engine": "Vulnogram 0.0.9"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "audit@patchstack.com",
              "DATE_PUBLIC": "2022-09-22T12:01:00.000Z",
              "ID": "CVE-2022-40194",
              "STATE": "PUBLIC",
              "TITLE": "WordPress Customer Reviews for WooCommerce plugin \u003c= 5.3.5 - Sensitive Information Disclosure vulnerability"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Customer Reviews for WooCommerce (WordPress plugin)",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c=",
                                "version_name": "\u003c= 5.3.5",
                                "version_value": "5.3.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "CusRev"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Vulnerability discovered by Muhammad Daffa (Patchstack Alliance)"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin \u003c= 5.3.5 at WordPress"
                }
              ]
            },
            "generator": {
              "engine": "Vulnogram 0.0.9"
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-200 Information Exposure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-sensitive-information-disclosure-vulnerability/_s_id=cve",
                  "refsource": "CONFIRM",
                  "url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-3-5-sensitive-information-disclosure-vulnerability/_s_id=cve"
                },
                {
                  "name": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers",
                  "refsource": "CONFIRM",
                  "url": "https://wordpress.org/plugins/customer-reviews-woocommerce/#developers"
                }
              ]
            },
            "solution": [
              {
                "lang": "en",
                "value": "Update to 5.3.6 or higher version."
              }
            ],
            "source": {
              "discovery": "EXTERNAL"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2022-40194",
        "datePublished": "2022-09-23T15:05:35.492Z",
        "dateReserved": "2022-09-08T00:00:00.000Z",
        "dateUpdated": "2026-04-28T16:07:47.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }