Customer Reviews for WooCommerce

Vulnerabilities 24Slug customer-reviews-woocommerceLatest version 5.109.0WordPress.org →

Minimum safe version

5.104.0

Update to 5.104.0 or later to address 24 fixable vulnerabilities

Latest available5.109.0 ✓

Medium 6.1

2026-04-16< 5.102.0

CVE-2026-3355

CVE Wordfence

N/A

2026-02-12< 5.98.0

Customer Reviews for WooCommerce <= 5.97.0 - Unauthenticated Stored Cross-Site Scripting via media[].href Parameter

Wordfence CVE

N/A

2026-04-09< 5.104.0

Customer Reviews for WooCommerce <= 5.103.0 - Unauthenticated Authentication Bypass to Arbitrary Review Submission via 'key' Parameter

Wordfence CVE

Medium 6.4

2026-01-07< 5.94.0

CVE-2025-14891

CVE Wordfence

Medium 6.4

2025-07-31< 5.81.0

Customer Reviews for WooCommerce <= 5.80.2 - Unauthenticated Stored Cross-Site Scripting via `author` Parameter

EUVD Wordfence Patchstack CVE

Medium 4.3

2024-11-18< 5.62.0

WordPress Customer Reviews for WooCommerce Plugin <= 5.61.0 is vulnerable to Broken Access Control

Patchstack CVE Wordfence

N/A

< 5.38.2

Customer Reviews for WooCommerce < 5.38.2 - Missing Authorization via manual review reminders

WPScan

N/A

< 5.38.2

Customer Reviews for WooCommerce < 5.38.2 - Cross-Site Request Forgery via manual review reminders

WPScan

Medium 6.1

2024-04-19< 5.48.0

CVE-2024-3731

CVE Patchstack Wordfence

Medium 4.3

2024-04-16< 5.47.0

CVE-2024-3243

CVE Patchstack Wordfence

Medium 4.3

2024-04-17< 5.47.0

WordPress Customer Reviews for WooCommerce Plugin <= 5.46.0 is vulnerable to Broken Access Control

Patchstack CVE Wordfence

Medium 5.3

2024-02-20< 5.39.0

CVE-2024-1044

CVE Wordfence Patchstack WPScan

High 8.8

2024-01-11< 5.38.10

CVE-2023-6979

CVE Wordfence Patchstack WPScan

N/A

< 5.36.1

Customer Reviews for WooCommerce < 5.36.1 - Missing Authorization

WPScan

Medium 4.3

2024-12-27< 5.38.2

WordPress Customer Reviews for WooCommerce Plugin <= 5.38.1 is vulnerable to Broken Access Control

Patchstack CVE Wordfence

N/A

2023-11-19< 5.38.2

Customer Reviews for WooCommerce <= 5.38.1 - Cross-Site Request Forgery via manual review reminders

Wordfence

N/A

2023-11-19< 5.38.2

Customer Reviews for WooCommerce <= 5.38.1 - Missing Authorization via manual review reminders

Wordfence

Medium 4.3

2025-01-02< 5.36.1

CVE-2023-45101

CVE Patchstack Wordfence WPScan

N/A

2023-10-04< 5.36.1

Customer Reviews for WooCommerce <= 5.36.0 - Missing Authorization

Wordfence

Medium 5.4

2024-01-16< 5.17.0

CVE-2023-0079

CVE Patchstack Wordfence WPScan

High 8.8

2023-02-13< 5.16.0

CVE-2023-0080

CVE Wordfence Patchstack WPScan

Medium 4.3

2022-09-23< 5.3.6

CVE-2022-38134

CVE Patchstack Wordfence WPScan

Medium 4.3

2022-09-23< 5.3.6

CVE-2022-38470

CVE Patchstack Wordfence WPScan

Medium 5.3

2022-09-23< 5.3.6

CVE-2022-40194

CVE Patchstack Wordfence WPScan