CVE Catalog
CVE-2026-57359
HighCVSS 7.1Summary
The ReviewX plugin for WordPress versions 2.3.10 and earlier contains an unauthenticated Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious script without requiring authentication.
Risk Assessment
Risk includes user session theft, redirects to malicious sites, and website defacement. The attack can be performed by any visitor to the site.
Recommendation
Immediately update the ReviewX plugin to the latest available version. Also implement WAF rules blocking common XSS patterns.
Original NVD description (English source)
Unauthenticated Cross Site Scripting (XSS) in ReviewX <= 2.3.10 versions.

