{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/reviewx/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":["CVE-2025-10679"],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["wordpress","woocommerce","reviewx","rce","vulnerability"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe ReviewX – WooCommerce Product Reviews plugin for WordPress contains a critical vulnerability, tracked as CVE-2025-10679, caused by insufficient input validation in the \u003ccode\u003ebulkTenReviews\u003c/code\u003e function. An attacker-controlled value reaches a variable method call, so unauthenticated attackers can invoke arbitrary PHP class methods that take no arguments or whose arguments all have default values. ReviewX versions up to and including 2.2.12 are affected. Depending on which classes and methods are loaded and on the server configuration, exploitation can lead to sensitive information disclosure or remote code execution. This poses a significant risk to e-commerce sites running the vulnerable plugin, potentially exposing customer data and compromising site integrity.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker sends a crafted, unauthenticated HTTP request to the WordPress site that reaches the vulnerable \u003ccode\u003ebulkTenReviews\u003c/code\u003e function of the ReviewX plugin.\u003c/li\u003e\n\u003cli\u003eThe request carries a method name chosen by the attacker; \u003ccode\u003ebulkTenReviews\u003c/code\u003e does not check this value against an allowlist of expected methods.\u003c/li\u003e\n\u003cli\u003eThe unvalidated value is used in a variable method call (PHP syntax such as \u003ccode\u003e$object-\u003e$method()\u003c/code\u003e), so the attacker selects which class method runs.\u003c/li\u003e\n\u003cli\u003eBecause the call site passes no arguments, only methods that take no parameters, or whose parameters all have default values, can be invoked; this limits but does not eliminate the exploitable surface.\u003c/li\u003e\n\u003cli\u003eDepending on which classes are loaded, the attacker can invoke methods that return or output sensitive information.\u003c/li\u003e\n\u003cli\u003eIf a reachable method writes to the file system or executes commands, the attacker achieves remote code execution in the context of the web server user.\u003c/li\u003e\n\u003cli\u003eFrom that foothold the attacker can install malware, steal data, deface the site, or attempt further privilege escalation on the host.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2025-10679 can expose sensitive information such as customer data and administrative credentials. In the worst case the attacker achieves remote code execution as the web server user, which gives control of the WordPress installation and, after local privilege escalation, potentially of the host. Consequences include website defacement, data theft, malware installation, and denial of service. Given the wide use of WooCommerce and ReviewX, a campaign exploiting this flaw could affect many e-commerce businesses.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpdate the ReviewX plugin immediately to a patched release (a version later than 2.2.12). Until the update is applied, consider deactivating the plugin, since the vulnerable code is reachable without authentication.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect ReviewX Arbitrary Method Calls\u003c/code\u003e, which flags exploitation attempts targeting the \u003ccode\u003ebulkTenReviews\u003c/code\u003e function, and triage its matches.\u003c/li\u003e\n\u003cli\u003eIndependently of the rule, review web server logs for POST requests to WordPress plugin code that carry unexpected parameters, especially method-like names, and treat unauthenticated hits from unfamiliar sources as suspicious.\u003c/li\u003e\n\u003cli\u003eHarden PHP against the worst case: restrict dangerous functions (for example with the \u003ccode\u003edisable_functions\u003c/code\u003e directive in php.ini), limit the paths the web server user can write to, and run PHP as a low-privilege account so that an arbitrary method call cannot easily escalate to full host compromise.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-24T12:00:00Z","date_published":"2026-03-24T12:00:00Z","id":"/briefs/2026-03-reviewx-rce/","summary":"The ReviewX WordPress plugin is vulnerable to arbitrary method calls, allowing unauthenticated attackers to invoke PHP class methods of their choice and potentially achieve remote code execution.","title":"ReviewX WordPress Plugin Arbitrary Method Call Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-03-reviewx-rce/"}],"language":"en","title":"CraftedSignal Threat Feed — Reviewx","version":"https://jsonfeed.org/version/1.1"}
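The variable method call described in the advisory's attack chain, and one way to harden such a dispatcher, as an added PHP illustration that is not ReviewX's code and does not reproduce the plugin's actual logic. The `Reviews` class, its method names, the `method` request parameter, the authorization callback and the sample secret are all assumptions made for the demo.

```php
<?php
// Added illustration, not ReviewX code: a request-driven dispatcher that uses a
// variable method call on unvalidated input, beside a hardened version.
// The class, method names, request shape and the sample secret are all hypothetical.

declare(strict_types=1);

final class Reviews
{
    /** The intended target: takes no parameters and is safe to expose. */
    public function bulkTenReviews(): string
    {
        return 'ten reviews';
    }

    /** Takes no parameters but returns a secret: reachable by the vulnerable dispatcher. */
    public function dumpConfig(): string
    {
        return 'db_password=hunter2'; // constructed sample secret
    }

    /** Every parameter has a default, so a zero-argument call succeeds. */
    public function writeFile(string $path = '/tmp/x.php', string $data = '<?php echo 1;'): string
    {
        return "would write {$data} to {$path}"; // side effect stubbed for the demo
    }

    /** Requires an argument: a zero-argument call throws ArgumentCountError. */
    public function rate(int $stars): string
    {
        return "rated {$stars}";
    }
}

/** Vulnerable pattern: the request names the method and nothing validates it. */
function vulnerableDispatch(Reviews $obj, array $request): string
{
    $method = (string) ($request['method'] ?? 'bulkTenReviews');
    return $obj->$method(); // variable method call on attacker-controlled data
}

/** Hardened pattern: authorization check, explicit allowlist, and a zero-parameter guard. */
function hardenedDispatch(Reviews $obj, array $request, callable $isAuthorized): string
{
    static $allowed = ['bulkTenReviews' => true]; // exact, case-sensitive names only

    if (!$isAuthorized()) {
        throw new RuntimeException('forbidden');
    }
    $method = (string) ($request['method'] ?? '');
    if (!isset($allowed[$method])) {
        throw new InvalidArgumentException('unknown action');
    }
    // Defence in depth: even an allowlisted name must be a public, parameterless method.
    $ref = new ReflectionMethod($obj, $method);
    if (!$ref->isPublic() || $ref->getNumberOfParameters() !== 0) {
        throw new InvalidArgumentException('action not callable');
    }
    return $obj->$method();
}

// Constructed requests: one legitimate call and four attacker-chosen method names.
$requests = [
    ['method' => 'bulkTenReviews'], // legitimate
    ['method' => 'dumpConfig'],     // no parameters: information disclosure
    ['method' => 'writeFile'],      // defaults only: file write, an RCE primitive
    ['method' => 'rate'],           // needs an argument: fails even when vulnerable
    ['method' => 'noSuchMethod'],   // undefined method: Error
];

$obj = new Reviews();
foreach ($requests as $req) {
    try {
        $v = vulnerableDispatch($obj, $req);
    } catch (Throwable $e) {
        $v = get_class($e);
    }
    try {
        // The demo's authorization callback always succeeds so the allowlist is what blocks the call.
        $h = hardenedDispatch($obj, $req, static fn (): bool => true);
    } catch (Throwable $e) {
        $h = get_class($e);
    }
    printf("%-15s vulnerable: %-45s hardened: %s\n", $req['method'], $v, $h);
}
```

Run with `php dispatch.php`. The vulnerable dispatcher returns the secret for `dumpConfig` and performs the stubbed write for `writeFile`, while only `rate` (missing argument) and `noSuchMethod` fail; the hardened one lets `bulkTenReviews` through and rejects everything else before any call happens. In a WordPress plugin the `$isAuthorized` callback would be the usual nonce and capability checks (`check_ajax_referer()` and `current_user_can()`); the allowlist lookup uses the exact string rather than a case-folded one because PHP method names are case-insensitive, so comparing normalised input against a list would still admit spelling variants the developer never intended.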