CVE-2022-38134 MEDIUM

CVE-2022-38134: WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Authenticated Broken Access Control vulnerability

Vendor Cusrev

Product Customer Reviews for WooCommerce (WordPress plugin)

Weakness CWE-264

Published September 23, 2022

Last update April 28, 2026

CVSS base score

4.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.

Key dates

September 23, 2022 CVE published

April 28, 2026 Record updated

External resources

Related vulnerabilities

CVE CVE-2022-38134

CWE CWE-264

CVSS 4.3 / MEDIUM

Vendor Cusrev

Product Customer Reviews for WooCommerce (WordPress plugin)

Affected ≥ <= 5.3.5 and ≤ 5.3.5