Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total3
Critical0
High2
Medium1
Reset
Showing 1-3 of 3 records
Threat Entry Updated 2025-06-27

CVE-2024-3609 - Reviewx Plugin

The ReviewX – Multi-criteria Rating & Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized deletion of data due to a missing capability check on the reviewx_remove_guest_image function in all versions up to, and including, 1.6.27. This makes it possible for authenticated attackers, with subscriber access and above, to delete attachments.

PLUGIN Reviewx

CVE-2024-3609

MEDIUM CVSS 4.3 2024-05-16
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-2833 - Reviewx Plugin

The ReviewX plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.6.13 due to insufficient restriction on the 'rx_set_screen_options' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_screen_options[option]' and 'wp_screen_options[value]' parameters during a screen option update.

PLUGIN Reviewx

CVE-2023-2833

HIGH CVSS 8.8 2023-06-06
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-26325 - Reviewx Plugin

The 'rx_export_review' action in the ReviewX WordPress Plugin, is affected by an authenticated SQL injection vulnerability in the 'filterValue' and 'selectedColumns' parameters.

PLUGIN Reviewx

CVE-2023-26325

HIGH CVSS 8.8 2023-02-23
Open Full Technical Breakdown
Scroll to top