cleantalk
Vulnerabilities and Security Researches

ReviewX – Multi-criteria Rating & Reviews for WooCommerce, CVE-2025-10736

CVE, Research URL

CVE-2025-10736

Home page URL

Security reports for ReviewX – Multi-criteria Rating & Reviews for WooCommerce

Application

ReviewX – Multi-criteria Rating & Reviews for WooCommerce

Published on
Mar 23, 2026
Research Description
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to access protected REST API endpoints, extract and modify information related to users and plugin's configuration
Affected versions
max 2.2.10.
Status
vulnerable
Previous vulnerability researches
PixelYourSite – Your smart PIXEL (TAG) Manager (CVE-2024-37447) , Jul 02, 2024
PixelYourSite – Your smart PIXEL (TAG) Manager (CVE-2025-14280) , Jan 27, 2026
PixelYourSite – Your smart PIXEL (TAG) Manager (CVE-2025-22300) , Jan 09, 2025
PixelYourSite – Your smart PIXEL (TAG) Manager (CVE-2024-7870) , Sep 05, 2024
PixelYourSite – Your smart PIXEL (TAG) Manager (CVE-2023-22700) , Jun 07, 2024
New vulnerability
WP Booking Calendar (CVE-2026-32358) , Mar 29, 2026
Subscriptions for WooCommerce – Subscription Plugin for Collecting Recurring Revenue, Sell Membership Subscription Servic (CVE-2026-24372) , Mar 29, 2026
Meta Box – WordPress Custom Fields Framework (CVE-2025-14675) , Mar 29, 2026
Admin and Site Enhancements (ASE) (CVE-2026-32423) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2026-28135) , Mar 29, 2026