CVE-2025-10734
Received Received - Intake
Sensitive Information Exposure in ReviewX WooCommerce Plugin

Publication date: 2026-03-23

Last updated on: 2026-03-23

Assigner: Wordfence

Description
The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the syncedData function. This makes it possible for unauthenticated attackers to extract sensitive data including user names, emails, phone numbers, addresses.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-23
Last Modified
2026-03-23
Generated
2026-06-16
AI Q&A
2026-03-23
EPSS Evaluated
2026-06-14
NVD
CVE-2025-10734
EUVD
EUVD-2025-208928
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
reviewx woocommerce_product_reviews to 2.2.12 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-922 The product stores sensitive information without properly limiting read or write access by unauthorized actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in the ReviewX – WooCommerce Product Reviews plugin for WordPress, specifically in all versions up to and including 2.2.12. It is caused by the syncedData function which allows unauthenticated attackers to access sensitive information.

This flaw enables attackers to extract sensitive user data such as user names, email addresses, phone numbers, and physical addresses without needing to be logged in or have any privileges.

Impact Analysis

This vulnerability can lead to the exposure of sensitive personal information of users, including names, emails, phone numbers, and addresses.

Such exposure can result in privacy violations, identity theft, phishing attacks, and other malicious activities targeting affected users.

Since the vulnerability can be exploited by unauthenticated attackers remotely, it poses a significant risk to the confidentiality of user data.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-10734. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart