CVE-2025-10731 in ReviewX Plugin
Resumen (Inglés)
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for unauthenticated attackers to obtain authentication tokens and subsequently bypass admin restrictions to access and export sensitive data including order details, names, emails, addresses, phone numbers, and user information.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Responsable
Wordfence
Reservar
2025-09-19
Divulgación
2026-03-23
Estado
Confirmado
Voces
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerabilidad | CWE | Exp | Con | CVE |
|---|---|---|---|---|---|
| 352485 | ReviewX Plugin Setting allReminderSettings escalada de privilegios | 285 | No está definido | No está definido | CVE-2025-10731 |
Descripción
CPE
CWE
CVSS
Hazañas
Historia
Diferencia
Relacionar
Inteligencia de amenazas
API JSON
API XML
API CSV