CVE-2025-10736 in ReviewX Plugininformación

Resumen (Inglés)

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to access protected REST API endpoints, extract and modify information related to users and plugin's configuration

Responsable

Wordfence

Reservar

2025-09-19

Divulgación

2026-03-23

Voces

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadCWEExpConCVE
352472ReviewX Plugin REST API userAccessibility escalada de privilegios285No está definidoNo está definidoCVE-2025-10736

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

AnteriorVisión De ConjuntoPróximo

Might our Artificial Intelligence support you?

Check our Alexa App!