Vulnerabilities > Cusrev > Customer Reviews FOR Woocommerce > 5.6.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-01-02 | CVE-2023-45101 | Missing Authorization vulnerability in Cusrev Customer Reviews for Woocommerce Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through 5.36.0. | 4.3 |
| 2024-11-16 | CVE-2024-10614 | Missing Authorization vulnerability in Cusrev Customer Reviews for Woocommerce The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cancel_import() function in all versions up to, and including, 5.61.0. | 4.3 |
| 2024-02-28 | CVE-2023-51692 | Unspecified vulnerability in Cusrev Customer Reviews for Woocommerce Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1. | 4.3 |
| 2024-01-16 | CVE-2023-0079 | Cross-site Scripting vulnerability in Cusrev Customer Reviews for Woocommerce The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 |
| 2024-01-11 | CVE-2023-6979 | Unrestricted Upload of File with Dangerous Type vulnerability in Cusrev Customer Reviews for Woocommerce The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ivole_import_upload_csv AJAX action in all versions up to, and including, 5.38.9. | 8.8 |
| 2023-02-13 | CVE-2023-0080 | Unspecified vulnerability in Cusrev Customer Reviews for Woocommerce The Customer Reviews for WooCommerce WordPress plugin before 5.16.0 does not validate one of its shortcode attribute, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. | 8.8 |