cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for reviewx

Mar 29, 2026

ReviewX – Multi-criteria Rating & Reviews for WooCommerce # CVE-2025-10679

CVE, Research URL

CVE-2025-10679

Date
Mar 23, 2026
Research Description
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to arbitrary method calls in all versions up to, and including, 2.2.12. This is due to insufficient input validation in the bulkTenReviews function that allows user-controlled data to be passed directly to a variable function call mechanism. This makes it possible for unauthenticated attackers to call arbitrary PHP class methods that take no inputs or have default values, potentially leading to information disclosure or remote code execution depending on available methods and server configuration.
Affected versions
max 2.2.12.
Status
vulnerable

ReviewX – Multi-criteria Rating & Reviews for WooCommerce # CVE-2025-10731

CVE, Research URL

CVE-2025-10731

Date
Mar 23, 2026
Research Description
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for unauthenticated attackers to obtain authentication tokens and subsequently bypass admin restrictions to access and export sensitive data including order details, names, emails, addresses, phone numbers, and user information.
Affected versions
max 2.2.12.
Status
vulnerable

ReviewX – Multi-criteria Rating & Reviews for WooCommerce # CVE-2025-10736

CVE, Research URL

CVE-2025-10736

Date
Mar 23, 2026
Research Description
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to access protected REST API endpoints and to extract and modify information related to users and the plugin's configuration.
Affected versions
max 2.2.10.
Status
vulnerable

ReviewX – Multi-criteria Rating & Reviews for WooCommerce # CVE-2025-10734

CVE, Research URL

CVE-2025-10734

Date
Mar 23, 2026
Research Description
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for unauthenticated attackers to extract sensitive data including user names, emails, phone numbers, and addresses.
Affected versions
max 2.2.12.
Status
vulnerable

Aug 20, 2024

ReviewX – Multi-criteria Rating & Reviews for WooCommerce # CVE-2024-43323

CVE, Research URL

CVE-2024-43323

Date
Nov 01, 2024
Research Description
Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ReviewX: from n/a through 1.6.28.
Affected versions
max 1.6.29.
Status
vulnerable

Jun 10, 2024

ReviewX – Multi-criteria Rating & Reviews for WooCommerce # CVE-2023-40670

CVE, Research URL

CVE-2023-40670

Date
Dec 13, 2024
Research Description
Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ReviewX: from n/a through 1.6.17.
Affected versions
max 1.6.18.
Status
vulnerable

Jun 06, 2024

ReviewX – Multi-criteria Rating & Reviews for WooCommerce # CVE-2023-2833

CVE, Research URL

CVE-2023-2833

Date
Jun 06, 2023
Research Description
The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.
Affected versions
max 1.2.9.
Status
vulnerable

ReviewX – Multi-criteria Rating & Reviews for WooCommerce # CVE-2022-46809

CVE, Research URL

CVE-2022-46809

Date
Nov 07, 2023
Research Description
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce. This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7.
Affected versions
max 1.6.8.
Status
vulnerable

ReviewX – Multi-criteria Rating & Reviews for WooCommerce # CVE-2023-26325

CVE, Research URL

CVE-2023-26325

Date
Feb 24, 2023
Research Description
The 'rx_export_review' action in the ReviewX WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters.
Affected versions
max 1.6.9.
Status
vulnerable

ReviewX – Multi-criteria Rating & Reviews for WooCommerce # CVE-2024-29812

CVE, Research URL

CVE-2024-29812

Date
Mar 27, 2024
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS. This issue affects ReviewX: from n/a through 1.6.22.
Affected versions
max 1.6.23.
Status
vulnerable

ReviewX – Multi-criteria Rating & Reviews for WooCommerce # 23800c44c3105f6215940161e0b91466a977163d

Date
Jun 30, 2021
Research Description
ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More [reviewx] < 1.2.9. WooCommerce Reviews Plugin with Multi-criteria Rating by ReviewX < 1.2.9 - Cross-Site Request Forgery. The WooCommerce Reviews Plugin with Multi-criteria Rating by ReviewX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 1.2.9. This is due to missing nonce validation in the ~/app/Controllers/Storefront/ReviewxPublic.php file. This makes it possible for unauthenticated attackers to perform unauthorized AJAX actions via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.2.9.
Status
vulnerable

ReviewX – Multi-criteria Rating & Reviews for WooCommerce # CVE-2024-3609

CVE, Research URL

CVE-2024-3609

Date
May 17, 2024
Research Description
The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments.
Affected versions
max 1.6.28.
Status
vulnerable

ReviewX – Multi-criteria Rating & Reviews for WooCommerce # CVE-2024-33921

CVE, Research URL

CVE-2024-33921

Date
May 03, 2024
Research Description
Broken Access Control vulnerability in ReviewX. This issue affects ReviewX: from n/a through 1.6.21.
Affected versions
max 1.6.22.
Status
vulnerable