ReviewX – Multi-criteria Rating & Reviews for WooCommerce, CVE-2024-3609
- CVE, Research URL
- Home page URL
-
Security reports for ReviewX – Multi-criteria Rating & Reviews for WooCommerce
- Published on
- May 17, 2024
- Research Description
- The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments.
- Affected versions
-
max 1.6.28.
- Status
-
vulnerable