CVE-2025-10731
Received Received - Intake

Sensitive Information Exposure in ReviewX WooCommerce Plugin

Vulnerability report for CVE-2025-10731, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-23

Last updated on: 2026-03-23

Assigner: Wordfence

Description

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for unauthenticated attackers to obtain authentication tokens and subsequently bypass admin restrictions to access and export sensitive data including order details, names, emails, addresses, phone numbers, and user information.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-23
Last Modified
2026-03-23
Generated
2026-07-06
AI Q&A
2026-03-23
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
reviewx reviewx to 2.2.12 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'The vulnerability in the ReviewX WordPress plugin (versions up to and including 2.2.12) allows unauthenticated attackers to exploit the allReminderSettings function to obtain authentication tokens.'}, {'type': 'paragraph', 'content': 'With these tokens, attackers can bypass admin restrictions and access sensitive information such as order details, names, emails, addresses, phone numbers, and other user data.'}, {'type': 'paragraph', 'content': "This occurs because the plugin's authorization middleware relies solely on a user ID comparison that can be manipulated, leading to unauthorized access."}] [3]

Impact Analysis

This vulnerability can lead to sensitive information exposure, allowing attackers to access and export private customer and order data without authentication.

  • Exposure of order details
  • Leakage of personal information such as names, emails, addresses, and phone numbers
  • Potential unauthorized access to user accounts or administrative functions

Such data breaches can result in privacy violations, identity theft, and loss of customer trust.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'The vulnerability in the ReviewX WordPress plugin allows unauthenticated attackers to access sensitive information via the allReminderSettings function. Detection would involve monitoring for unauthorized access attempts to this function or unusual API calls related to reminder settings or data export endpoints.'}, {'type': 'paragraph', 'content': 'Since the plugin exposes endpoints that allow exporting sensitive data (e.g., via the syncedData method that serves JSONL files), you can detect exploitation attempts by checking web server logs for HTTP requests targeting ReviewX REST API endpoints such as those related to reminder settings or data export.'}, {'type': 'paragraph', 'content': 'Suggested commands to detect suspicious activity include searching web server logs for requests to ReviewX REST API endpoints:'}, {'type': 'list_item', 'content': "grep -i 'reviewx' /var/log/apache2/access.log | grep -E 'allReminderSettings|syncedData|dataSync'"}, {'type': 'list_item', 'content': "grep -i 'reviewx' /var/log/nginx/access.log | grep -E 'allReminderSettings|syncedData|dataSync'"}, {'type': 'paragraph', 'content': 'Additionally, monitoring for unusual HTTP GET or POST requests to these endpoints from unauthenticated IP addresses may help detect exploitation attempts.'}] [1, 4]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'To mitigate this vulnerability, immediate steps include:'}, {'type': 'list_item', 'content': 'Update the ReviewX plugin to a version later than 2.2.12 where the vulnerability is fixed.'}, {'type': 'list_item', 'content': 'If an update is not immediately possible, restrict access to the vulnerable REST API endpoints by implementing firewall rules or web application firewall (WAF) rules to block unauthenticated requests targeting the allReminderSettings function and related data export endpoints.'}, {'type': 'list_item', 'content': 'Review and tighten WordPress user permissions and authentication mechanisms to reduce the risk of unauthorized access.'}, {'type': 'list_item', 'content': "Monitor logs for suspicious activity targeting the plugin's REST API endpoints and respond accordingly."}] [1, 4]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10731. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart