CVE-2023-2833

HIGH

ReviewX plugin <1.6.13 - Privilege Escalation


Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-2833. PoCs published by Alucard0x1.

AI-analyzed exploit summary: The repository claims to exploit CVE-2023-2833 (privilege escalation in ReviewX WordPress plugin) but lacks actual exploit code, instead directing users to run an external executable ('Alucard0x1MassExploit.exe') and providing vague instructions. No technical details or code are included.

Description

The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.

Exploits (1)

nomisec SUSPICIOUS 1 stars
by Alucard0x1 · poc
https://github.com/Alucard0x1/CVE-2023-2833

Classification: Suspicious 90%
Attack Type: Auth Bypass
Complexity: Theoretical
Reliability: Theoretical
Target: ReviewX WordPress plugin <= 1.6.13
Auth required
Prerequisites: Subscriber-level account with specific credentials (username: tt, password: tt) · List of target URLs in 'url.txt'
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 8.8
EPSS: 0.1748
EPSS Percentile: 96.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-269
Status: published
Products (2)
reviewx/ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema < 1.6.13
wpdeveloper/reviewx < 1.6.13
Published: Jun 06, 2023
Tracked Since: Feb 18, 2026