Approved changes feed: RSS · Atom
cpe:2.3:a:wpdeveloper:reviewx:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Wpdeveloper (5e68162c-cdc3-57bc-b7a0-1ebc1941e1cb) |
|---|---|
| Product | Reviewx (ff12ca7e-8bb1-5a37-8f5d-20bbc0a759db) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-43323 |
vulnerable | 2026-06-03 14:56:44.979784 |
WordPress ReviewX plugin <= 1.6.28 - Broken Access Control vulnerability
MEDIUM (5.3)
Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28.
Published: 2024-11-01T14:17:24.988Z
Updated: 2026-04-28T16:10:12.812Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-3609 |
vulnerable | 2026-06-03 14:56:31.468733 |
ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.27 - Missing Authorization
MEDIUM (4.3)
The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments.
Published: 2024-05-16T20:31:04.842Z
Updated: 2026-04-08T17:33:53.413Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-33921 |
vulnerable | 2026-06-03 14:55:53.172855 |
WordPress ReviewX plugin <= 1.6.21 - Broken Access Control vulnerability
MEDIUM (4.3)
Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6.21.
Published: 2024-05-03T08:27:59.357Z
Updated: 2026-04-28T16:09:46.330Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-29812 |
vulnerable | 2026-06-03 14:55:27.488212 |
WordPress ReviewX plugin <= 1.6.22 - Cross Site Scripting (XSS) vulnerability
MEDIUM (6.5)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS.This issue affects ReviewX: from n/a through 1.6.22.
Published: 2024-03-27T12:09:33.434Z
Updated: 2026-04-28T16:09:19.713Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-40670 |
vulnerable | 2026-06-03 14:52:50.361042 |
WordPress ReviewX plugin <= 1.6.17 - Broken Access Control vulnerability
MEDIUM (4.3)
Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.17.
Published: 2024-12-13T14:24:08.244Z
Updated: 2026-04-28T16:08:37.133Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-2833 |
vulnerable | 2026-06-03 14:51:44.109551 |
ReviewX <= 1.6.13 - Arbitrary Usermeta Update to Authenticated (Subscriber+) Privilege Escalation
HIGH (8.8)
The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.
Published: 2023-06-06T09:33:23.412Z
Updated: 2026-04-08T17:00:26.446Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-26325 |
vulnerable | 2026-06-03 14:50:59.400319 |
Details available
The 'rx_export_review' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters.
Published: 2023-02-23T00:00:00.000Z
Updated: 2025-03-12T14:23:05.312Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-46809 |
vulnerable | 2026-06-03 14:48:26.517356 |
WordPress ReviewX Plugin <= 1.6.7 is vulnerable to CSV Injection
MEDIUM (6.1)
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7.
Published: 2023-11-07T16:37:50.679Z
Updated: 2026-04-28T16:07:54.613Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.