WordPress Plugin Vulnerabilities

Customer Reviews for WooCommerce < 5.3.6 - Unauthenticated Sensitive Information Disclosure

Description

The plugin discloses sensitive information to unauthenticated users

Affects Plugins

Plugin icon
customer-reviews-woocommerce
Fixed in 5.3.6

References

CVE
CVE-2022-40194

Classification

Type
SENSITIVE DATA DISCLOSURE
OWASP top 10
A3: Sensitive Data Exposure
CWE
CWE-200
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Muhammad Daffa
Verified
No
WPVDB ID
71d6548f-b740-4162-b08b-bb89773398bb

Timeline

Publicly Published
2022-09-22 (about 3 years ago)
Added
2022-09-24 (about 3 years ago)
Last Updated
2022-09-24 (about 3 years ago)

Other

Published
Title
Published
2024-02-02
Title
LearnDash LMS < 4.10.2 - Sensitive Information Exposure via assignments
Published
2024-07-09
Title
Gravity Forms: Multiple Form Instances < 1.1.2 - Unauthenticated Full Path Disclosure
Published
2025-03-31
Title
GTM Kit < 2.4.1 - Unauthenticated Sensitive Information Exposure
Published
2023-09-21
Title
DoLogin Security < 3.7.1 - Subscriber+ IP Address leak
Published
2025-06-05
Title
Modern Events Calendar < 7.22 - Information Exposure