CVE Catalog
CVE-2026-56043
HighCVSS 7.1Exploitation Probability (EPSS)
Low risk0.18%
8th percentile — higher than 8% of all known CVEs
Summary
The vulnerability allows an unauthenticated attacker to perform XSS attacks in Customer Reviews for WooCommerce version 5.110.1 and earlier.
Risk Assessment
An attacker can inject malicious JavaScript code that executes in the browser of an administrator or customer, leading to session theft, redirects, or data theft.
Recommendation
Immediately update the Customer Reviews for WooCommerce plugin to the latest available version that fixes this vulnerability.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.

