CVE Catalog

CVE-2026-57359

HighCVSS 7.1
Published: Updated: Translated: NVD NIST

Summary

The ReviewX plugin for WordPress versions 2.3.10 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.

Risk Assessment

Risk includes user session theft, redirects to malicious sites, and website defacement. The attack can be performed by any visitor to the site.

Recommendation

Immediately update the ReviewX plugin to the latest available version. Also implement WAF rules blocking common XSS patterns.

Original NVD description (English source)

Unauthenticated Cross Site Scripting (XSS) in ReviewX <= 2.3.10 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS