Customer Reviews for WooCommerce

CusRev

Developer

5.105.0

Latest version

80,000

Installations

No date

Last updated

WordPress Plugin

No VDP

Claim ownership

Report vulnerability

Vulnerabilities

Security Contributors

Vulnerability history

0 present

16 patched

12 Mitigation rules

Unauthenticated Stored Cross-Site Scripting via media[].href Parameter vulnerability
<= 5.97.0
16/02/2026
Authenticated (Subscriber+) Stored Cross-Site Scripting via displayName Parameter vulnerability
<= 5.93.1
07/01/2026
Unauthenticated Stored Cross-Site Scripting via `author` Parameter vulnerability
<= 5.80.2
30/07/2025
Missing Authorization to Authenticated (Subscriber+) Import Cancellation vulnerability
<= 5.61.0
18/11/2024
Reflected Cross-Site Scripting via 's' vulnerability
<= 5.47.0
19/04/2024
Missing Authorization to Authenticated (Subscriber+) Coupon Search vulnerability
<= 5.46.0
17/04/2024
Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending vulnerability
<= 5.46.0
16/04/2024
Improper Authorization via submit_review vulnerability
<= 5.38.12
07/02/2024
Authenticated Arbitrary File Upload vulnerability
<= 5.38.9
09/01/2024
Broken Access Control vulnerability
<= 5.38.1
27/12/2023
Broken Access Control vulnerability
<= 5.36.0
06/10/2023
Contributor+ Stored XSS vulnerability
< 5.17.0
24/01/2023
Contributor+ LFI vulnerability
< 5.16.0
23/01/2023
Authenticated Broken Access Control vulnerability
<= 5.3.5
22/09/2022
Cross-Site Request Forgery (CSRF) vulnerability
<= 5.3.5
22/09/2022
Sensitive Information Disclosure vulnerability
<= 5.3.5
22/09/2022