Vulnerabilities > Cusrev
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-16 | CVE-2023-0079 | Cross-site Scripting vulnerability in Cusrev Customer Reviews for Woocommerce The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
| 2024-01-11 | CVE-2023-6979 | Unrestricted Upload of File with Dangerous Type vulnerability in Cusrev Customer Reviews for Woocommerce The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. | 8.8 |
| 2023-02-13 | CVE-2023-0080 | Unspecified vulnerability in Cusrev Customer Reviews for Woocommerce The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. | 8.8 |
| 2022-09-23 | CVE-2022-38134 | Unspecified vulnerability in Cusrev Customer Reviews for Woocommerce Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | 8.8 |
| 2022-09-23 | CVE-2022-38470 | Cross-Site Request Forgery (CSRF) vulnerability in Cusrev Customer Reviews for Woocommerce Cross-Site Request Forgery (CSRF) vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress. | 8.8 |
| 2022-09-23 | CVE-2022-40194 | Information Exposure vulnerability in Cusrev Customer Reviews for Woocommerce Unauthenticated Sensitive Information Disclosure vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress | 7.5 |