Description

The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary test emails.

INFO

Published Date :

2024-04-16T12:51:46.885Z

Last Modified :

2026-04-08T17:12:18.505Z

Source :

Wordfence
AFFECTED PRODUCTS

The following products are affected by CVE-2024-3243 vulnerability.

Vendors Products
Cusrev
  • Customer Reviews For Woocommerce
Ivole
  • Customer Reviews For Woocommerce

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact