CVE-2026-56043
Deferred - Pending Action
Unauthenticated XSS in Customer Reviews for WooCommerce

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description
Unauthenticated Cross-Site Scripting (XSS) in Customer Reviews for WooCommerce versions <= 5.110.1.
Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor | Product | Version / Range
patchstack | customer_reviews_for_woocommerce | to 5.110.1 (inc)
CWE ID | Description
CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Executive Summary

The WordPress Customer Reviews for WooCommerce Plugin, versions 5.110.1 and below, is vulnerable to an unauthenticated Cross Site Scripting (XSS) attack. This means attackers can inject malicious scripts into the customer reviews section without needing to be logged in or authenticated.

When visitors access the affected site, these malicious scripts can execute, potentially causing redirects, displaying unwanted advertisements, or other harmful actions.

The vulnerability has a CVSS severity score of 7.1, indicating a moderate level of danger and potential for widespread exploitation.

Impact Analysis

This vulnerability can impact you by allowing attackers to inject malicious scripts into your website's customer reviews section.

These scripts can execute when visitors access your site, potentially leading to unwanted redirects, displaying malicious advertisements, or other harmful behaviors that can damage your site's reputation and user trust.

Since the vulnerability can be exploited without authentication, it increases the risk of mass exploitation across many websites using the affected plugin versions.

Mitigation Strategies

To mitigate the Cross Site Scripting (XSS) vulnerability in Customer Reviews for WooCommerce versions 5.110.1 and below, you should immediately update the plugin to version 5.111.0 or later.

Alternatively, you can apply mitigation rules provided by Patchstack to reduce the risk until you can update.
