WordPress Plugin Vulnerabilities
Customer Reviews for WooCommerce < 5.36.1 - Missing Authorization
Description
The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX actions in versions up to, and including, 5.36.0. This makes it possible for authenticated attackers with subscriber level access to cancel exports and obtain progress reports on exports.
Affects Plugins
References
Classification
Type
NO AUTHORISATION
OWASP top 10
CWE
CVSS
Miscellaneous
Verified
No
WPVDB ID
Timeline
Publicly Published
2023-10-04 (about 7 months ago)
Added
2023-12-07 (about 5 months ago)
Last Updated
2023-12-07 (about 5 months ago)