CVE-2025-10731 Overview
CVE-2025-10731 is a Sensitive Information Exposure vulnerability affecting the ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress. All versions up to and including 2.2.12 are impacted. The vulnerability exists in the allReminderSettings function, which allows unauthenticated attackers to obtain authentication tokens and subsequently bypass admin restrictions to access and export sensitive data including order details, customer names, emails, addresses, phone numbers, and user information.
Critical Impact
Unauthenticated attackers can extract authentication tokens to bypass administrative controls and exfiltrate sensitive customer PII including order details, names, emails, addresses, and phone numbers from WooCommerce stores.
Affected Products
- ReviewX – WooCommerce Product Reviews plugin for WordPress versions up to and including 2.2.12
- WordPress installations running vulnerable ReviewX plugin versions
- WooCommerce stores utilizing ReviewX for product reviews
Discovery Timeline
- 2026-03-23 - CVE-2025-10731 published to NVD
- 2026-03-23 - Last updated in NVD database
Technical Details for CVE-2025-10731
Vulnerability Analysis
This vulnerability is classified under CWE-285 (Improper Authorization). The core issue lies in the allReminderSettings function within the ReviewX plugin, which fails to properly validate user authorization before returning sensitive configuration data. This improper authorization check allows unauthenticated users to access administrative functions that should be restricted.
The vulnerability enables a two-stage attack: first, attackers can retrieve authentication tokens through the exposed endpoint, and second, they can leverage these tokens to bypass the plugin's admin middleware restrictions. Once past the authorization controls, attackers gain access to data export functionality that exposes customer PII stored within WooCommerce orders.
The network-based attack vector requires no user interaction or authentication, making this vulnerability particularly dangerous for e-commerce sites handling customer data.
Root Cause
The root cause is improper authorization within the ReviewX plugin's REST API endpoints. The allReminderSettings function does not adequately verify that the requesting user has administrative privileges before returning sensitive configuration data, including authentication tokens. The AdminMiddleware.php component, which should enforce access controls, can be bypassed using the leaked tokens.
Attack Vector
The attack is network-based and can be executed remotely without authentication. An attacker would:
- Make an unauthenticated request to the vulnerable allReminderSettings endpoint
- Extract authentication tokens from the response
- Use the obtained tokens to bypass admin middleware restrictions
- Access data export functionality via the DataSyncController.php or EmailTemplateController.php endpoints
- Exfiltrate sensitive customer data including order details, names, emails, addresses, and phone numbers
The vulnerability is particularly concerning because it requires no prior authentication and affects the confidentiality of customer PII. Technical details of the vulnerable code paths can be found in the WordPress ReviewX Admin Middleware Code and the Wordfence Vulnerability Report.
Detection Methods for CVE-2025-10731
Indicators of Compromise
- Unusual REST API requests to ReviewX plugin endpoints, particularly those accessing allReminderSettings or data export functions
- Unauthenticated requests attempting to access administrative plugin functionality
- Unexpected data export activities from the ReviewX plugin
- Access logs showing repeated requests to /wp-json/reviewx/ endpoints from external IPs
Detection Strategies
- Monitor web server access logs for unauthenticated requests to ReviewX REST API endpoints
- Implement Web Application Firewall (WAF) rules to detect and block suspicious requests targeting ReviewX endpoints
- Review WordPress audit logs for unauthorized access attempts to plugin administrative functions
- Set up alerts for data export operations that occur outside normal business hours or from unexpected sources
Monitoring Recommendations
- Enable verbose logging for WordPress REST API requests
- Configure intrusion detection systems to flag requests targeting ReviewX plugin endpoints
- Implement real-time monitoring for customer data access patterns in WooCommerce
- Review access patterns to the EmailTemplateController and DataSyncController endpoints regularly
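As an added detection example (not part of this advisory or the ReviewX project), the following script scans combined-format web server access logs for requests under the /wp-json/reviewx/ namespace that touch the settings and export code paths named above, and tags each hit with the context the strategies above call for (external source, off-hours, successful response). The exact route suffixes, the trusted admin network and the business-hours window are assumptions, and the sample log lines are constructed.

```python
import re
from datetime import datetime

# Apache/nginx "combined" log line (constructed regex; adjust to your own LogFormat).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# The advisory names the /wp-json/reviewx/ namespace and the allReminderSettings,
# DataSyncController and EmailTemplateController code paths but no exact routes,
# so those names are matched as lower-case substrings (assumption).
REVIEWX_PREFIX = "/wp-json/reviewx/"
SENSITIVE_HINTS = ("allreminder", "datasync", "emailtemplate", "export")
TRUSTED_NETS = ("192.168.1.",)  # assumption: the admin range from the workaround
BUSINESS_HOURS = range(8, 19)   # assumption: 08:00-18:59 in the log's timezone

def classify(line):
    """Return finding tags for one log line; an empty list means nothing to report."""
    m = LOG_RE.match(line)
    if not m:
        return []
    path = m.group("path").lower()
    if not path.startswith(REVIEWX_PREFIX) or not any(h in path for h in SENSITIVE_HINTS):
        return []
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    tags = ["sensitive-endpoint"]
    if not m.group("ip").startswith(TRUSTED_NETS):
        tags.append("external-source")  # not from the allowlisted admin network
    if ts.hour not in BUSINESS_HOURS:
        tags.append("off-hours")
    if m.group("status").startswith("2"):
        tags.append("succeeded")        # 2xx means the endpoint actually answered
    return tags

def scan(lines):
    """Map every line that produced findings to its tags."""
    return {ln: tags for ln in lines if (tags := classify(ln))}

# Constructed sample lines (not real traffic); 203.0.113.0/24 is documentation space.
SAMPLE = [
    '203.0.113.7 - - [24/Mar/2026:03:14:09 +0000] "GET /wp-json/reviewx/v1/allReminderSettings HTTP/1.1" 200 812 "-" "curl/8.5.0"',
    '203.0.113.7 - - [24/Mar/2026:03:14:31 +0000] "GET /wp-json/reviewx/v1/dataSync/export HTTP/1.1" 200 59120 "-" "curl/8.5.0"',
    '192.168.1.20 - - [24/Mar/2026:10:02:00 +0000] "GET /wp-json/reviewx/v1/allReminderSettings HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [24/Mar/2026:11:45:12 +0000] "POST /wp-json/reviewx/v1/reviews HTTP/1.1" 201 130 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for line, tags in scan(SAMPLE).items():
        print(", ".join(tags), "<-", line.split('"')[1])
```

Feed it your real access log (one line per list entry) and review the "external-source" plus "succeeded" combinations first, since those indicate the endpoint returned data to an address outside the allowlisted network.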
How to Mitigate CVE-2025-10731
Immediate Actions Required
- Update the ReviewX plugin to a version newer than 2.2.12 immediately
- Audit access logs for any indicators of exploitation attempts
- Review and rotate any authentication tokens or API keys associated with the ReviewX plugin
- Consider temporarily disabling the ReviewX plugin if an update is not immediately available
- Notify affected customers if evidence of data exfiltration is discovered
Patch Information
Organizations using the ReviewX plugin should update to a patched version that addresses this authorization bypass vulnerability. Check the official WordPress plugin repository for the latest version that remediates CVE-2025-10731. For additional details, refer to the Wordfence Vulnerability Report.
Workarounds
- Restrict access to WordPress REST API endpoints at the web server level using IP allowlisting
- Implement a Web Application Firewall (WAF) rule to block unauthenticated requests to ReviewX API endpoints
- Disable the ReviewX plugin until the patch can be applied if sensitive customer data is at risk
- Add additional authentication layers using WordPress security plugins
# Apache configuration to restrict ReviewX API access (Apache 2.4 syntax; the
# older Order/Deny/Allow form works on 2.4 only with mod_access_compat loaded).
# Note: this blocks every route under the ReviewX namespace, so test any
# storefront review functionality after applying it.
<LocationMatch "^/wp-json/reviewx/">
    # Allow only the administrative network; replace with your own range.
    Require ip 192.168.1.0/24
</LocationMatch>
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.