Primary

Context

ReviewX WooCommerce Product Reviews Plugin Improper Authorization Vulnerability Allowing Unauthenticated Data Access and Modification

Vulnerability

Patched

A vulnerability exists in the ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress, in all versions through 2.2.10. The issue arises from inadequate authorization checks in the userAccessibility() function, enabling unauthenticated attackers to access protected REST API endpoints and manipulate information related to users and the plugin's configuration.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive information via the REST API, with the ability to both extract and modify user-related data and plugin settings.

Remediation

Users are advised to update the ReviewX WooCommerce Product Reviews plugin to version 2.2.12 or a newer patched version.

Added: Mar 23, 2026, 5:19 AM

Updated: Mar 23, 2026, 5:19 AM

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

5.0

exploitability

8.2

remediation

7.7

relevance

4.5

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.2

impact

5.0

exploitability

8.2

remediation

7.7

relevance

4.5

threat

3.2

urgency

2.9

incentive

4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

ReviewX WooCommerce Product Reviews Plugin Improper Authorization Vulnerability Allowing Unauthenticated Data Access and Modification

Vulnerability

Impact

Remediation

Affected Products

ReviewX

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating