CVE Catalog

CVE-2026-56043

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

The vulnerability allows an unauthenticated attacker to perform XSS attacks in Customer Reviews for WooCommerce version 5.110.1 and earlier.

Risk Assessment

An attacker can inject malicious JavaScript code that executes in the browser of an administrator or customer, leading to session theft, redirects, or data theft.

Recommendation

Immediately update the Customer Reviews for WooCommerce plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS