cleantalk
Vulnerabilities and Security Researches

ReviewX – Multi-criteria Rating & Reviews for WooCommerce, CVE-2025-10736

CVE, Research URL

CVE-2025-10736

Home page URL

Security reports for ReviewX – Multi-criteria Rating & Reviews for WooCommerce

Application

ReviewX – Multi-criteria Rating & Reviews for WooCommerce

Published on
Mar 23, 2026
Research Description
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to access protected REST API endpoints, extract and modify information related to users and plugin's configuration
Affected versions
max 2.2.10.
Status
vulnerable
Previous vulnerability researches
ReviewX – Multi-criteria Rating & Reviews for WooCommerce (CVE-2023-40670) , Jun 10, 2024
ReviewX – Multi-criteria Rating & Reviews for WooCommerce (CVE-2023-2833) , Jun 06, 2024
ReviewX – Multi-criteria Rating & Reviews for WooCommerce (CVE-2022-46809) , Jun 06, 2024
ReviewX – Multi-criteria Rating & Reviews for WooCommerce (CVE-2023-26325) , Jun 06, 2024
ReviewX – Multi-criteria Rating & Reviews for WooCommerce (CVE-2024-29812) , Jun 06, 2024
New vulnerability
BackWPup – WordPress Backup Plugin (CVE-2025-15041) , Mar 29, 2026
hCaptcha for WordPress (CVE-2026-25315) , Mar 29, 2026
Breeze – WordPress Cache Plugin (CVE-2025-13864) , Mar 29, 2026
SMTP Mailer (CVE-2026-32538) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2026-25362) , Mar 29, 2026