CVE-2026-1316
Stored XSS in WooCommerce Customer Reviews Plugin Allows Script Injection
Publication date: 2026-02-12
Last updated on: 2026-02-12
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordfence | customer_reviews_for_woocommerce | to 5.97.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Customer Reviews for WooCommerce plugin for WordPress has a Stored Cross-Site Scripting (XSS) vulnerability in the 'media[].href' parameter in all versions up to and including 5.97.0.
This vulnerability exists because the plugin does not properly sanitize input or escape output, allowing attackers to inject malicious web scripts.
If the 'Enable for Guests' setting is enabled, unauthenticated attackers can exploit this to inject scripts that execute whenever a user views the affected page.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute arbitrary scripts in the context of users visiting the affected pages.
- Steal sensitive information such as cookies or session tokens.
- Perform actions on behalf of the user without their consent.
- Potentially deface the website or redirect users to malicious sites.
Because the attack can be performed by unauthenticated users if guest reviews are enabled, the risk is higher.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability involves Stored Cross-Site Scripting via the 'media[].href' parameter in the Customer Reviews for WooCommerce plugin. Detection would involve identifying if this parameter is being exploited to inject arbitrary scripts.
Since the vulnerability is related to insufficient input sanitization and output escaping on the 'media[].href' parameter, you can monitor HTTP requests and responses for suspicious script tags or unusual payloads in this parameter.
- Use web application firewall (WAF) or intrusion detection system (IDS) rules to detect script injection attempts targeting 'media[].href'.
- Inspect web server logs or proxy logs for HTTP requests containing suspicious JavaScript code in the 'media[].href' parameter.
- Example command to search Apache or Nginx logs for suspicious payloads: grep -i "<script" /var/log/apache2/access.log | grep "media[].href"
- Use curl or similar tools to test the parameter manually by sending payloads and observing if scripts are reflected or stored.
What immediate steps should I take to mitigate this vulnerability?
[{'type': 'paragraph', 'content': 'The primary mitigation step is to update the Customer Reviews for WooCommerce plugin to version 5.98.0 or later, as this update includes extensive changes likely addressing the vulnerability.'}, {'type': 'paragraph', 'content': 'The update introduces new security features, including secure token handling via Firebase JWT classes, and improvements in input sanitization and output escaping.'}, {'type': 'list_item', 'content': 'Immediately upgrade the plugin to version 5.98.0 or newer.'}, {'type': 'list_item', 'content': "If upgrading is not immediately possible, consider disabling the 'Enable for Guests' option to prevent unauthenticated attackers from exploiting the vulnerability."}, {'type': 'list_item', 'content': "Implement web application firewall rules to block suspicious payloads targeting the 'media[].href' parameter."}, {'type': 'list_item', 'content': 'Regularly monitor logs for signs of exploitation attempts.'}] [2]