关键漏洞信息 CVE: CVE-2025-12123 CVSS: 6.1 (Medium) Publicly Published: November 26, 2025 Last Updated: November 27, 2025 Researcher: Jonas Benjamin Friedli Software Type: Plugin Software Slug: customer-reviews-collector-for-woocommerce Patched?: Yes Remediation: Update to version 4.7, or a newer patched version Affected Version: <= 4.6.1 Patched Version: 4.7 Description Reflected Cross-Site Scripting vulnerability in the Customer Reviews Collector for WooCommerce plugin <= 4.6.1. References plugins.trac.wordpress.org Additional Notes Wordfence Intelligence provides free API access and webhook integration for WordPress vulnerability data. Report vulnerabilities through the Wordfence bug bounty program.