cleantalk
Vulnerabilities and Security Researches

ReviewX – Multi-criteria Rating & Reviews for WooCommerce, CVE-2025-10679

CVE, Research URL

CVE-2025-10679

Home page URL

Security reports for ReviewX – Multi-criteria Rating & Reviews for WooCommerce

Application

ReviewX – Multi-criteria Rating & Reviews for WooCommerce

Published on
Mar 23, 2026
Research Description
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to arbitrary method calls in all versions up to, and including, 2.2.12. This is due to insufficient input validation in the bulkTenReviews function that allows user-controlled data to be passed directly to a variable function call mechanism. This makes it possible for unauthenticated attackers to call arbitrary PHP class methods that take no inputs or have default values, potentially leading to information disclosure or remote code execution depending on available methods and server configuration.
Affected versions
max 2.2.12.
Status
vulnerable
Previous vulnerability researches
ReviewX – Multi-criteria Rating & Reviews for WooCommerce (CVE-2023-40670) , Jun 10, 2024
ReviewX – Multi-criteria Rating & Reviews for WooCommerce (CVE-2023-2833) , Jun 06, 2024
ReviewX – Multi-criteria Rating & Reviews for WooCommerce (CVE-2022-46809) , Jun 06, 2024
ReviewX – Multi-criteria Rating & Reviews for WooCommerce (CVE-2023-26325) , Jun 06, 2024
ReviewX – Multi-criteria Rating & Reviews for WooCommerce (CVE-2024-29812) , Jun 06, 2024
New vulnerability
BackWPup – WordPress Backup Plugin (CVE-2025-15041) , Mar 29, 2026
hCaptcha for WordPress (CVE-2026-25315) , Mar 29, 2026
Breeze – WordPress Cache Plugin (CVE-2025-13864) , Mar 29, 2026
SMTP Mailer (CVE-2026-32538) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2026-25362) , Mar 29, 2026