Platform
wordpress
Component
customer-reviews-woocommerce
Fixed in
5.103.1
5.104.0
CVE-2026-4664 describes an authentication bypass vulnerability affecting the Customer Reviews for WooCommerce plugin for WordPress. The flaw allows attackers to bypass the plugin's review-creation permission check, potentially enabling unauthorized review submissions. The vulnerability impacts versions up to 5.103.0, and a patch is available in version 5.104.0.
An attacker can exploit this vulnerability to submit fake reviews without proper authentication. This can damage the reputation of the website and mislead customers. The impact is amplified if the plugin is used on e-commerce sites with a high volume of reviews, as a malicious actor could flood the site with false or biased content. While the vulnerability doesn't directly lead to data exfiltration or system compromise, the manipulation of customer reviews can have significant business consequences and erode trust. The lack of authentication also opens the door to potential spam and abuse.
This vulnerability was publicly disclosed on 2026-04-10. Currently, there are no known public exploits or active campaigns targeting this specific vulnerability. It is not listed on the CISA KEV catalog at the time of this writing. The vulnerability's ease of exploitation, combined with the plugin's popularity, suggests it could become a target for automated attacks.
At risk are websites using the Customer Reviews for WooCommerce plugin, particularly those with a large number of customer reviews or those relying heavily on customer feedback for sales. Shared hosting environments are also at increased risk, as vulnerabilities in plugins can affect multiple websites on the same server.
• wordpress / composer / npm:
grep -r "create_review_permissions_check" /var/www/html/wp-content/plugins/customer-reviews-for-woocommerce/
• wordpress / composer / npm:
wp plugin list --status=all | grep customer-reviews-for-woocommerce
• wordpress / composer / npm:
wp plugin update customer-reviews-for-woocommerce --all
Disclosure
Exploit status
EPSS
0.18% (39th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to immediately upgrade the Customer Reviews for WooCommerce plugin to version 5.104.0 or later. If upgrading is not immediately feasible, a temporary workaround involves restricting access to the review creation endpoint. This can be achieved by implementing a custom access control rule within the WordPress environment, requiring stricter authentication than the plugin currently enforces. Consider using a WordPress security plugin with WAF capabilities to block suspicious requests targeting the review creation functionality. After upgrading, verify the fix by attempting to create a review without proper authentication; it should be rejected.
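The following must-use plugin is an added illustration of the temporary workaround described above; it is not code from the plugin or from this advisory. It assumes the review creation endpoint is a WordPress REST route and that the route prefix in REVIEW_ROUTE_PREFIX is replaced with the one found in the installed plugin's source; the logged-in requirement and the 401 response are choices made here, not the plugin's own behaviour.

```php
<?php
/**
 * Plugin Name: Temporary review-endpoint access control (added example)
 * Description: Rejects unauthenticated write requests to the review creation
 *              REST route until the plugin is updated to 5.104.0 or later.
 * Install as: wp-content/mu-plugins/review-endpoint-guard.php
 */

// ASSUMPTION: replace with the actual REST route prefix of the plugin's
// review creation endpoint, as found in the installed plugin's source.
const REVIEW_ROUTE_PREFIX = '/example-reviews/v1/';

/**
 * Short-circuit write requests to the review route unless the caller is
 * an authenticated WordPress user. Runs before the route's own permission
 * callback, so it applies even when that check is bypassable.
 *
 * @param WP_REST_Response|WP_Error|null $response Pre-callback response.
 * @param array                          $handler  Matched route handler.
 * @param WP_REST_Request                $request  Incoming request.
 * @return WP_REST_Response|WP_Error|null
 */
function review_guard_before_callbacks( $response, $handler, $request ) {
    // Leave untouched anything already decided or outside the review route.
    if ( null !== $response ) {
        return $response;
    }
    if ( strpos( $request->get_route(), REVIEW_ROUTE_PREFIX ) !== 0 ) {
        return $response;
    }
    // Only state-changing methods are restricted; reads stay available.
    if ( ! in_array( $request->get_method(), array( 'POST', 'PUT', 'PATCH' ), true ) ) {
        return $response;
    }
    if ( is_user_logged_in() ) {
        return $response;
    }
    // Record the rejected attempt so repeated probing is visible in logs.
    error_log( sprintf(
        'review-endpoint-guard: rejected unauthenticated %s %s from %s',
        $request->get_method(),
        $request->get_route(),
        isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown'
    ) );
    return new WP_Error(
        'rest_forbidden',
        'Authentication is required to submit a review.',
        array( 'status' => 401 )
    );
}
add_filter( 'rest_request_before_callbacks', 'review_guard_before_callbacks', 10, 3 );
```

After the plugin update, the mu-plugin can be removed; the rejected-request log lines double as a verification that unauthenticated submissions were blocked in the meantime.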
Update to version 5.104.0 or a newer patched version
CVE-2026-4664 is a vulnerability in the Customer Reviews for WooCommerce plugin that allows attackers to bypass authentication checks and submit reviews without proper authorization.
You are affected if you are using the Customer Reviews for WooCommerce plugin in versions up to 5.103.0. Check your plugin version and upgrade immediately if necessary.
Upgrade the Customer Reviews for WooCommerce plugin to version 5.104.0 or later. As a temporary workaround, restrict access to the review creation endpoint.
As of the current assessment, there are no known active exploits or campaigns targeting CVE-2026-4664, but the vulnerability's ease of exploitation suggests it could become a target.
Refer to the official Customer Reviews for WooCommerce plugin website or WordPress plugin repository for the latest security advisory and update information.