Shodan
Vulnerabilities
Vulnerable Software
Wpdeveloper:  >> Reviewx  >> 1.2.3  Security Vulnerabilities
CVE-2023-40670
Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.17.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-12-13
CVE-2024-43323
Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-11-01
CVE-2024-3609
The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-05-16
CVE-2024-33921
Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6.21.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-05-03
CVE-2024-29812
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS.This issue affects ReviewX: from n/a through 1.6.22.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-03-27
CVE-2022-46809
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7.
CVSS Score
9.8
EPSS Score
0.007
Published
2023-11-07
CVE-2023-2833
The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.
CVSS Score
8.8
EPSS Score
0.256
Published
2023-06-06
CVE-2023-26325
The 'rx_export_review' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters.
CVSS Score
8.8
EPSS Score
0.005
Published
2023-02-23


Products
Pricing
Contact Us

Shodan ® - All rights reserved