Cusrev

Customer Reviews For Woocommerce

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2023-45101

  • EPSS 0.09%
  • Veröffentlicht 02.01.2025 12:15:08
  • Zuletzt bearbeitet 05.02.2025 14:57:27

Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through 5.36.0.

4.3

CVE-2024-10614

  • EPSS 0.19%
  • Veröffentlicht 16.11.2024 06:15:07
  • Zuletzt bearbeitet 05.02.2025 14:43:34

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, 5.61.0. This makes it possible for authenticated at...

6.1

CVE-2024-3731

  • EPSS 1.1%
  • Veröffentlicht 19.04.2024 03:15:06
  • Zuletzt bearbeitet 05.02.2025 14:43:10

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 5.47.0 due to insufficient input sanitization and output escaping. This makes it pos...

4.3

CVE-2024-3243

  • EPSS 0.13%
  • Veröffentlicht 16.04.2024 13:15:11
  • Zuletzt bearbeitet 05.02.2025 14:42:19

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authent...

4.3

CVE-2024-3869

  • EPSS 0.28%
  • Veröffentlicht 16.04.2024 13:15:11
  • Zuletzt bearbeitet 05.02.2025 14:42:53

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . This makes it possible for attackers with subscriber level ac...

5.3

CVE-2024-1044

  • EPSS 0.29%
  • Veröffentlicht 29.02.2024 01:43:38
  • Zuletzt bearbeitet 11.07.2025 20:02:42

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for u...

4.3

CVE-2023-51692

  • EPSS 0.1%
  • Veröffentlicht 28.02.2024 19:15:10
  • Zuletzt bearbeitet 05.02.2025 14:55:53

Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1.

5.4

CVE-2023-0079

Exploit
  • EPSS 0.13%
  • Veröffentlicht 16.01.2024 16:15:10
  • Zuletzt bearbeitet 02.06.2025 16:15:24

The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor ro...

8.8

CVE-2023-6979

  • EPSS 3.74%
  • Veröffentlicht 11.01.2024 09:15:53
  • Zuletzt bearbeitet 21.11.2024 08:44:57

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. This makes it possible for ...

8.8

CVE-2023-0080

Exploit
  • EPSS 1.4%
  • Veröffentlicht 13.02.2023 15:15:20
  • Zuletzt bearbeitet 21.03.2025 16:15:15

The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow t...