CVE-2025-10731 is an improper authorization vulnerability (CWE-285) found in the ReviewX – Multi-Criteria Reviews for WooCommerce plugin for WordPress, specifically in the allReminderSettings function. This flaw exists in all versions up to and including 2.2.12. The vulnerability allows unauthenticated attackers to retrieve authentication tokens without any user privileges or interaction. These tokens can then be used to bypass administrative restrictions, granting access to sensitive data exports. The exposed data includes personally identifiable information (PII) such as customer names, emails, phone numbers, addresses, order details, and other user-related information. The vulnerability arises because the plugin fails to properly enforce authorization checks on the allReminderSettings endpoint, allowing unrestricted access. The CVSS 3.1 base score is 5.3 (medium), reflecting network attack vector, low complexity, no privileges required, and no user interaction needed. Although no public exploits are currently known, the vulnerability represents a significant privacy risk and potential compliance violation for organizations using this plugin in their WooCommerce environments. The plugin is widely used in WordPress e-commerce sites, making the attack surface substantial. The lack of a patch at the time of reporting increases urgency for mitigation.

The primary impact of this vulnerability is the unauthorized disclosure of sensitive customer and order information, which can lead to privacy violations, identity theft, and regulatory non-compliance (e.g., GDPR, CCPA). Attackers gaining access to authentication tokens can further escalate access or maintain persistent unauthorized access to administrative functions. This data exposure can damage customer trust and result in financial and reputational losses for affected organizations. Since WooCommerce powers a significant portion of e-commerce websites worldwide, the scope of impact is broad. The vulnerability does not directly affect system integrity or availability but compromises confidentiality severely. Organizations handling large volumes of customer data or operating in regulated industries face increased risk. The ease of exploitation (no authentication or user interaction required) amplifies the threat, potentially enabling automated attacks at scale.

1. Immediately update the ReviewX plugin to a patched version once available from the vendor. Monitor vendor announcements for official patches. 2. If a patch is not yet available, disable or remove the ReviewX plugin to eliminate exposure. 3. Restrict access to the allReminderSettings endpoint via web application firewall (WAF) rules or server-level access controls to block unauthenticated requests. 4. Implement strict monitoring and alerting for unusual access patterns or data exports related to the plugin endpoints. 5. Review and audit logs for any suspicious activity indicating exploitation attempts. 6. Limit the amount of sensitive data stored or accessible through plugins and ensure data minimization principles are followed. 7. Educate site administrators on the risks and encourage regular plugin updates and security hygiene. 8. Consider additional hardening of WordPress installations, including least privilege principles for user roles and API token management. 9. Conduct a thorough data breach impact assessment and prepare incident response plans in case of compromise.