Vulnerabilities (CVE)

Filtered by vendor Wpdeveloper Subscribe
Filtered by product Reviewx
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-43323 1 Wpdeveloper 1 Reviewx 2024-11-19 N/A 9.8 CRITICAL
Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.28.
CVE-2023-2833 1 Wpdeveloper 1 Reviewx 2024-02-04 N/A 8.8 HIGH
The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.
CVE-2023-26325 1 Wpdeveloper 1 Reviewx 2024-02-04 N/A 8.8 HIGH
The 'rx_export_review' action in the ReviewX WordPress Plugin version < 1.6.4, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters.