CVE-2025-10736

MEDIUM

ReviewX < 2.2.10 - Information Exposure

Title source: rule

Description

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to access protected REST API endpoints, extract and modify information related to users and plugin's configuration

References (2)

https://www.wordfence.com/threat-intel/vulnerabilities/id/505d7072-8fca-4b86-9b9c-3f39bc4dcfaf?source=cve

https://plugins.trac.wordpress.org/browser/reviewx/2.2.7/app/Rest/Middleware/AuthMiddleware.php#L41

Scores

CVSS v3 6.5

EPSS 0.0008

EPSS Percentile 23.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Details

CWE

CWE-285

Status published

Products (1)

reviewx/ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema < 2.2.10

Published Mar 23, 2026

Tracked Since Mar 23, 2026