Reviewx

reviewx

Vendor: Wpdeveloper • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-40670 1Wpdeveloper 1Reviewx Apr 28, 2026 Dec 13, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.17.
CVE-2024-43323 1Wpdeveloper 1Reviewx Nov 19, 2024 Nov 1, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28.
CVE-2024-3609 1Wpdeveloper 1Reviewx Apr 8, 2026 May 16, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versio...Show more The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments.Show less
CVE-2024-33921 1Wpdeveloper 1Reviewx Apr 28, 2026 May 3, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6.21.
CVE-2024-29812 1Wpdeveloper 1Reviewx Apr 28, 2026 Mar 27, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS.This issue affects ReviewX: from n/a through 1.6.22.
CVE-2022-46809 1Wpdeveloper 1Reviewx Apr 28, 2026 Nov 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerc...Show more Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7.Show less
CVE-2023-2833 1Wpdeveloper 1Reviewx Apr 8, 2026 Jun 6, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenti...Show more The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.Show less
CVE-2023-26325 1Wpdeveloper 1Reviewx Nov 21, 2024 Feb 23, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 The 'rx_export_review' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters.