cleantalk
Vulnerabilities and Security Researches

ReviewX – Multi-criteria Rating & Reviews for WooCommerce, CVE-2025-10731

CVE, Research URL

CVE-2025-10731

Home page URL

Security reports for ReviewX – Multi-criteria Rating & Reviews for WooCommerce

Application

ReviewX – Multi-criteria Rating & Reviews for WooCommerce

Published on
Mar 23, 2026
Research Description
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for unauthenticated attackers to obtain authentication tokens and subsequently bypass admin restrictions to access and export sensitive data including order details, names, emails, addresses, phone numbers, and user information.
Affected versions
max 2.2.12.
Status
vulnerable
Previous vulnerability researches
PixelYourSite – Your smart PIXEL (TAG) Manager (CVE-2024-37447) , Jul 02, 2024
PixelYourSite – Your smart PIXEL (TAG) Manager (CVE-2025-14280) , Jan 27, 2026
PixelYourSite – Your smart PIXEL (TAG) Manager (CVE-2025-22300) , Jan 09, 2025
PixelYourSite – Your smart PIXEL (TAG) Manager (CVE-2024-7870) , Sep 05, 2024
PixelYourSite – Your smart PIXEL (TAG) Manager (CVE-2023-22700) , Jun 07, 2024
New vulnerability
WP Booking Calendar (CVE-2026-32358) , Mar 29, 2026
Subscriptions for WooCommerce – Subscription Plugin for Collecting Recurring Revenue, Sell Membership Subscription Servic (CVE-2026-24372) , Mar 29, 2026
Meta Box – WordPress Custom Fields Framework (CVE-2025-14675) , Mar 29, 2026
Admin and Site Enhancements (ASE) (CVE-2026-32423) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2026-28135) , Mar 29, 2026