CVE-2026-56043
Deferred Deferred - Pending Action

Unauthenticated XSS in Customer Reviews for WooCommerce

Vulnerability report for CVE-2026-56043, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description

Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
patchstack customer_reviews_for_woocommerce to 5.110.1 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The WordPress Customer Reviews for WooCommerce Plugin, versions 5.110.1 and below, is vulnerable to an unauthenticated Cross Site Scripting (XSS) attack. This means attackers can inject malicious scripts into the customer reviews section without needing to be logged in or authenticated.

When visitors access the affected site, these malicious scripts can execute, potentially causing redirects, displaying unwanted advertisements, or other harmful actions.

The vulnerability has a CVSS severity score of 7.1, indicating a moderate level of danger and potential for widespread exploitation.

Impact Analysis

This vulnerability can impact you by allowing attackers to inject malicious scripts into your website's customer reviews section.

These scripts can execute when visitors access your site, potentially leading to unwanted redirects, displaying malicious advertisements, or other harmful behaviors that can damage your site's reputation and user trust.

Since the vulnerability can be exploited without authentication, it increases the risk of mass exploitation across many websites using the affected plugin versions.

Mitigation Strategies

To mitigate the Cross Site Scripting (XSS) vulnerability in Customer Reviews for WooCommerce versions 5.110.1 and below, you should immediately update the plugin to version 5.111.0 or later.

Alternatively, you can apply mitigation rules provided by Patchstack to reduce the risk until you can update.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-56043. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart