The Customer Reviews for WooCommerce plugin on WordPress can be changed by anyone without permission because it doesn’t check if they have the capability to do so. This means that even people who aren’t logged in can leave reviews with fake email addresses, no matter if reviews are allowed or not.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
