Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in ReviewX – Multi-criteria Rating & Reviews for WooCommerce 1.6.8

  • Severity: high-risk
  • Status: Fixed
  • Publication: April 19, 2023

The ReviewX plugin for WordPress is vulnerable to a type of attack called SQL Injection. This attack can be used by people with certain levels of access to the website to get information that should be kept private. This vulnerability affects the plugin in versions up to and including 1.6.8. It is caused by not properly protecting user input and not preparing existing queries correctly.

Detected in:

ReviewX – Multi-criteria Rating & Reviews for WooCommerce fixed vulnerable versions: >= * <= 1.6.8
ReviewX – WooCommerce Product Reviews Plugin (Judge.me Alternative with Multi-Criteria, Emails, Schema & More) fixed vulnerable versions:
ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.