ReviewX – Multi-criteria Rating & Reviews for WooCommerce, 23800c44c3105f6215940161e0b91466a977163d
Security reports for ReviewX – Multi-criteria Rating & Reviews for WooCommerce
- Published on
- Jun 30, 2021
- Research Description
- ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More [reviewx] < 1.2.9. WooCommerce Reviews Plugin with Multi-criteria Rating by ReviewX < 1.2.9 - Cross-Site Request Forgery. The WooCommerce Reviews Plugin with Multi-criteria Rating by ReviewX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions before 1.2.9. This is due to missing nonce validation in the ~/app/Controllers/Storefront/ReviewxPublic.php file. This makes it possible for unauthenticated attackers to perform unauthorized AJAX actions via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
- Affected versions
- max 1.2.9.
- Status
- vulnerable