| CVE-2026-3355 | Customer Reviews for WooCommerce <= 5.101.0 - Reflected Cross-Site Scripting via 'crsearch' | ivole | Customer Reviews for WooCommerce | Medium | 6.1 | 2026-04-16 06:44:53 | Deep Dive |
| CVE-2026-4664 | Customer Reviews for WooCommerce <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter | ivole | Customer Reviews for WooCommerce | Medium | 5.3 | 2026-04-10 01:24:57 | Deep Dive |
| CVE-2025-10679 | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Limited Remote Code Execution | reviewx | ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema | High | 7.3 | 2026-03-23 05:29:39 | Deep Dive |
| CVE-2025-10734 | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure | reviewx | ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema | Medium | 5.3 | 2026-03-23 05:29:39 | Deep Dive |
| CVE-2025-10731 | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export | reviewx | ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema | Medium | 5.3 | 2026-03-23 05:29:38 | Deep Dive |
| CVE-2025-10736 | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.10 - Incorrect Authorization to Unauthenticated Information Exposure and Data Manipulation | reviewx | ReviewX – Multi-Criteria Reviews for WooCommerce with Google Reviews & Schema | Medium | 6.5 | 2026-03-23 04:26:48 | Deep Dive |
| CVE-2026-32360 | WordPress Rich Showcase for Google Reviews plugin <= 6.9.4.3 - Cross Site Scripting (XSS) vulnerability | richplugins | Rich Showcase for Google Reviews | 中危 | - | 2026-03-13 11:42:04 | Deep Dive |
| CVE-2026-28132 | WordPress WooCommerce Photo Reviews plugin <= 1.4.4 - Content Injection vulnerability | villatheme | WooCommerce Photo Reviews | - | - | 2026-02-26 08:33:37 | Deep Dive |
| CVE-2026-25318 | WordPress WiserReview Product Reviews for WooCommerce plugin <= 2.9 - Broken Access Control vulnerability | Wisernotify team | WiserReview Product Reviews for WooCommerce | - | - | 2026-02-19 08:26:55 | Deep Dive |
| CVE-2026-23804 | WordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerability | BBR Plugins | Better Business Reviews | - | - | 2026-02-19 08:26:50 | Deep Dive |
| CVE-2025-14452 | WP Customer Reviews <= 3.7.5 - Reflected Cross-Site Scripting via 'wpcr3_fname' Parameter | bompus | WP Customer Reviews | High | 7.2 | 2026-02-19 04:36:23 | Deep Dive |
| CVE-2026-1316 | Customer Reviews for WooCommerce <= 5.97.0 - Unauthenticated Stored Cross-Site Scripting via media[].href Parameter | ivole | Customer Reviews for WooCommerce | High | 7.2 | 2026-02-12 12:31:51 | Deep Dive |
| CVE-2025-15260 | MyRewards – Loyalty Points and Rewards for WooCommerce <= 5.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Loyalty Rule Modification | lwsdevelopers | MyRewards | Medium | 6.5 | 2026-02-04 08:25:28 | Deep Dive |
| CVE-2026-24634 | WordPress Ultimate Reviews plugin <= 3.2.16 - Insecure Direct Object References (IDOR) vulnerability | Rustaurius | Ultimate Reviews | 中危 | - | 2026-01-23 14:29:09 | Deep Dive |
| CVE-2026-24562 | WordPress Ryviu – Product Reviews for WooCommerce plugin <= 3.1.26 - Broken Access Control vulnerability | Ryviu | Ryviu – Product Reviews for WooCommerce | 中危 | - | 2026-01-23 14:28:55 | Deep Dive |
| CVE-2025-69051 | WordPress ListingPro Reviews theme <= 1.7 - Reflected Cross Site Scripting (XSS) vulnerability | CridioStudio | ListingPro Reviews | - | - | 2026-01-22 16:52:20 | Deep Dive |
| CVE-2025-13853 | Nearby Now Reviews <= 5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | lnbadmin1 | Nearby Now Reviews | Medium | 6.4 | 2026-01-09 09:19:47 | Deep Dive |
| CVE-2025-14070 | Reviewify <= 1.0.7 - Missing Authorization to Authenticated (Contributor+) Arbitrary WooCommerce Coupon Creation | xfinitysoft | Reviewify — Review Discounts & Photo/Video Reviews for WooCommerce | High | 7.5 | 2026-01-07 09:21:01 | Deep Dive |
| CVE-2025-14891 | Customer Reviews for WooCommerce <= 5.93.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via displayName Parameter | ivole | Customer Reviews for WooCommerce | Medium | 6.4 | 2026-01-07 03:21:03 | Deep Dive |
| CVE-2025-69354 | WordPress Better Business Reviews plugin <= 0.1.1 - Broken Access Control vulnerability | BBR Plugins | Better Business Reviews | Medium | 4.3 | 2026-01-06 16:36:41 | Deep Dive |