
CVE-2025-10731

Medium
CWE-285 — Weakness Type
Published: Mar 23, 2026  ·  Modified: Mar 24, 2026  ·  Source: NVD
CVSS v3
5.3
📄 Description (English)

The ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.12 via the allReminderSettings function. This makes it possible for unauthenticated attackers to obtain authentication tokens and subsequently bypass admin restrictions to access and export sensitive data including order details, names, emails, addresses, phone numbers, and user information.

🤖 AI Executive Summary

CVE-2025-10731 affects the ReviewX WooCommerce plugin, allowing unauthenticated attackers to extract authentication tokens and bypass admin controls to access sensitive customer data including orders, emails, and personal information. With no patch available and the vulnerability present in all versions up to 2.2.12, this poses immediate risk to e-commerce platforms in Saudi Arabia. The medium CVSS score (5.3) understates the business impact due to data exposure severity and compliance implications under Saudi regulations.


🤖 AI Intelligence Analysis (analyzed: May 29, 2026 09:36)
🇸🇦 Saudi Arabia Impact Assessment
High impact on Saudi e-commerce sector, particularly small and medium enterprises (SMEs) using WooCommerce. Banking sector at risk if integrated with payment gateways (SADAD, Telr, 2Checkout). Telecom companies (STC, Mobily, Zain) operating online stores vulnerable. Healthcare e-commerce platforms selling medical products exposed. Retail and logistics sectors relying on WooCommerce for order management face customer data breach risks. Non-compliance with SAMA data protection requirements and NCA cybersecurity standards could result in regulatory penalties.
🏢 Affected Saudi Sectors
E-commerce/Retail, Banking and Financial Services, Telecommunications, Healthcare, Logistics and Supply Chain, Government (e-services), Hospitality and Tourism
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Disable the ReviewX plugin immediately on all WooCommerce installations until a patch is available
2. Audit access logs for the allReminderSettings function endpoint for unauthorized access attempts
3. Force a password reset for all admin and customer accounts as a precautionary measure
4. Review exported data logs to identify if sensitive information was accessed

COMPENSATING CONTROLS:
1. Implement Web Application Firewall (WAF) rules to block requests to the allReminderSettings endpoint
2. Restrict plugin access via .htaccess or nginx configuration to authenticated users only
3. Enable WordPress security plugins (Wordfence, Sucuri) with real-time monitoring
4. Implement rate limiting on authentication endpoints
5. Deploy IP whitelisting for admin access

DETECTION RULES:
1. Monitor for POST/GET requests to /wp-admin/admin-ajax.php?action=allReminderSettings
2. Alert on authentication token extraction patterns in access logs
3. Track unusual data export activities from WooCommerce admin
4. Monitor for multiple failed authentication attempts followed by successful access
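
As an added defender-side illustration of detection rule 1 and the rate-limiting control above (example code written for this page; it is not part of the advisory, the NVD record or the ReviewX project), the following Python scanner parses access-log lines in the Apache/nginx "combined" format, flags requests to /wp-admin/admin-ajax.php whose `action` query parameter is allReminderSettings, counts them per source address so that repeat sources can be fed to a rate limit or block list, and separately lists POST requests to admin-ajax.php, because a POST carries its `action` in the body and an access log cannot tell whether it hit the vulnerable function. The log format, the sample lines, the source addresses, the burst threshold and the function names are constructed assumptions, not values from the page.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines in the Apache/nginx "combined" format.
# They are invented for this example and are not real traffic; the addresses
# are from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [23/Mar/2026:10:01:02 +0300] "GET /wp-admin/admin-ajax.php?action=allReminderSettings HTTP/1.1" 200 1843 "-" "python-requests/2.31"
203.0.113.10 - - [23/Mar/2026:10:01:05 +0300] "GET /wp-admin/admin-ajax.php?action=allReminderSettings HTTP/1.1" 200 1843 "-" "python-requests/2.31"
198.51.100.7 - - [23/Mar/2026:10:02:11 +0300] "GET /shop/ HTTP/1.1" 200 52311 "-" "Mozilla/5.0"
203.0.113.10 - - [23/Mar/2026:10:03:40 +0300] "GET /wp-admin/admin-ajax.php?action=allreminderSettings&nonce=abc123 HTTP/1.1" 200 1843 "-" "python-requests/2.31"
192.0.2.44 - - [23/Mar/2026:10:05:00 +0300] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 310 "https://shop.example/wp-admin/" "Mozilla/5.0"
192.0.2.44 - - [23/Mar/2026:10:05:30 +0300] "GET /my-account/ HTTP/1.1" 200 9912 "https://shop.example/" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "method target proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

AJAX_PATH = "/wp-admin/admin-ajax.php"
# Action name taken from detection rule 1 on this page. It is compared
# case-insensitively so that probing with altered capitalisation is still surfaced.
VULN_ACTION = "allReminderSettings"


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    rec["query"] = parse_qs(url.query, keep_blank_values=True)
    rec["status"] = int(rec["status"])
    return rec


def is_vuln_action_request(rec):
    """True when the request targets admin-ajax.php with the vulnerable action in its query string."""
    if not rec["path"].endswith(AJAX_PATH):
        return False
    return any(v.lower() == VULN_ACTION.lower() for v in rec["query"].get("action", []))


def analyze(log_text, burst_threshold=3):
    """Scan access-log text; return hits, per-source counts, bursty sources and ambiguous POSTs."""
    hits, unclassified_posts = [], []
    per_ip = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if is_vuln_action_request(rec):
            hits.append(rec)
            per_ip[rec["ip"]] += 1
        elif rec["method"] == "POST" and rec["path"].endswith(AJAX_PATH):
            # The "action" of a POST lives in the body, which the access log does not record;
            # list it for WAF-log correlation instead of silently treating it as benign.
            unclassified_posts.append(rec)
    bursts = {ip: n for ip, n in per_ip.items() if n >= burst_threshold}
    return {"hits": hits, "per_ip": per_ip, "bursts": bursts,
            "unclassified_posts": unclassified_posts}


def report(result):
    """Render the analysis as one alert line per finding, suitable for a ticket or SIEM note."""
    lines = []
    for rec in result["hits"]:
        lines.append(f"ALERT  {rec['ip']} {rec['ts']} {rec['method']} {rec['target']} "
                     f"-> {rec['status']} ua={rec['ua']!r}")
    for ip, n in result["bursts"].items():
        lines.append(f"BURST  {ip} made {n} requests with action={VULN_ACTION} (rate-limit candidate)")
    for rec in result["unclassified_posts"]:
        lines.append(f"CHECK  {rec['ip']} {rec['ts']} POST {AJAX_PATH} body not logged; "
                     f"correlate with WAF logs")
    return lines


if __name__ == "__main__":
    for line in report(analyze(SAMPLE_LOG)):
        print(line)
```

Run against a real log with `analyze(open(path).read())`. Because the access log only exposes the query string, this script is a first pass: a WAF or reverse proxy that logs request bodies is needed to classify the POST rows it marks as CHECK, which is why the compensating WAF rule above is listed alongside the detection rule rather than as an alternative to it.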

PATCHING:
1. Contact ReviewX plugin developers for security update timeline
2. Prepare migration plan to alternative review plugins (Yotpo, Trustpilot integration)
3. Once a patch is released, test it in a staging environment before deploying to production
🔧 Remediation Steps (Arabic version, translated to English)
IMMEDIATE ACTIONS:
1. Disable the ReviewX plugin immediately on all WooCommerce installations until a patch is available
2. Audit access logs for the allReminderSettings function to detect unauthorized access attempts
3. Force a password reset for all admin and customer accounts as a precautionary measure
4. Review exported-data logs to determine whether sensitive information was accessed

COMPENSATING CONTROLS:
1. Implement Web Application Firewall (WAF) rules to block requests to the allReminderSettings endpoint
2. Restrict plugin access via .htaccess or nginx configuration to authorized users only
3. Enable WordPress security plugins (Wordfence, Sucuri) with real-time monitoring
4. Implement rate limiting on authentication endpoints
5. Deploy an IP whitelist for admin access

DETECTION RULES:
1. Monitor POST/GET requests to /wp-admin/admin-ajax.php?action=allReminderSettings
2. Alert on authentication-token extraction patterns in access logs
3. Track unusual data export activities from WooCommerce admin
4. Monitor for multiple failed authentication attempts followed by successful access

PATCHING:
1. Contact the ReviewX plugin developers for a security update timeline
2. Prepare a migration plan to alternative review plugins (Yotpo, Trustpilot integration)
3. Once the patch is released, test it in a staging environment before deploying to production
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Access Control Policies (unauthorized access to admin functions)
ECC 2024 A.5.2.1 - User Registration and Access Management (authentication bypass)
ECC 2024 A.5.3.1 - Password Management (token exposure)
ECC 2024 A.6.1.2 - Information Classification and Handling (sensitive data exposure)
ECC 2024 A.7.1.1 - Event Logging (audit trail of unauthorized access)
🔵 SAMA CSF
SAMA CSF ID.AM-1 - Asset Management (inventory of vulnerable plugins)
SAMA CSF PR.AC-1 - Access Control (authentication and authorization)
SAMA CSF PR.DS-1 - Data Security (protection of customer PII)
SAMA CSF DE.AE-1 - Anomalies and Events (detection of unauthorized access)
SAMA CSF RS.MI-1 - Incident Mitigation (response to data exposure)
🟡 ISO 27001:2022
ISO 27001:2022 A.5.3 - Segregation of Duties (admin access controls)
ISO 27001:2022 A.6.2 - User Access Management (authentication mechanisms)
ISO 27001:2022 A.8.2 - Confidentiality (protection of sensitive data)
ISO 27001:2022 A.8.3 - Integrity (data protection from unauthorized modification)
ISO 27001:2022 A.12.4 - Logging (audit trails for security events)
🟣 PCI DSS v4.0.1
PCI DSS 1.1 - Firewall Configuration Standards (WAF implementation)
PCI DSS 2.1 - Default Passwords and Security Parameters (plugin security)
PCI DSS 6.2 - Security Patches (vulnerability remediation)
PCI DSS 7.1 - Access Control (least privilege principle)
PCI DSS 10.2 - User Access Logging (audit trails for data access)
📊 CVSS Score
5.3
/ 10.0 — Medium
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector (AV:N): Network
Attack Complexity (AC:L): Low
Privileges Required (PR:N): None
User Interaction (UI:N): None
Scope (S:U): Unchanged
Confidentiality (C:L): Low
Integrity (I:N): None
Availability (A:N): None
📋 Quick Facts
Severity: Medium
CVSS Score: 5.3
CWE: CWE-285
Exploit: No
Patch: ✗ No
Published: 2026-03-23
Source Feed: nvd
🇸🇦 Saudi Risk Score
7.8
/ 10.0 — Saudi Risk
Priority: CRITICAL
🏷️ Tags
CWE-285