本頁列出影響 wpdeveloper reviewx 的已公開 CVE 漏洞(透過 NVD CPE 關聯)。每列包含嚴重程度評分、摘要與發布日期,便於識別與分析安全議題。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-40670 | Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.17. | [email protected] | 4.3 | 0.38% | 2024-12-13 | 2026-04-28 |
| CVE-2024-43323 | Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28. | [email protected] | 5.3 | 0.47% | 2024-11-01 | 2024-11-19 |
| CVE-2024-3609 | The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments. | [email protected] | 4.3 | 0.37% | 2024-05-16 | 2026-04-08 |
| CVE-2024-33921 | Broken Access Control vulnerability in ReviewX.This issue affects ReviewX: from n/a through 1.6.21. | [email protected] | 4.3 | 0.40% | 2024-05-03 | 2026-04-28 |
| CVE-2024-29812 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReviewX allows Stored XSS.This issue affects ReviewX: from n/a through 1.6.22. | [email protected] | 6.5 | 0.36% | 2024-03-27 | 2026-04-28 |
| CVE-2022-46809 | Improper Neutralization of Formula Elements in a CSV File vulnerability in WPDeveloper ReviewX – Multi-criteria Rating & Reviews for WooCommerce.This issue affects ReviewX – Multi-criteria Rating & Reviews for WooCommerce: from n/a through 1.6.7. | [email protected] | 6.1 | 0.79% | 2023-11-07 | 2026-04-28 |
| CVE-2023-2833 | The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update. | [email protected] | 8.8 | 17.48% | 2023-06-06 | 2026-04-08 |
| CVE-2023-26325 | The 'rx_export_review' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters. | [email protected] | 8.8 | 0.87% | 2023-02-23 | 2024-11-21 |