CVE-2026-56043
published 2026-06-26CVE-2026-56043: Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
PriorityP430high7.1CVSS 3.1
AVNACLPRNUIRSCCLILAL
EPSS
0.18%
7.7th percentile
Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cusrev | customer_reviews_for_woocommerce | n/a – 5.110.1 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
CusRev Customer Reviews for WooCommerce Plugin up to 5.110.1 on WordPress cross site scripting (EUVD-2026-39704)
vuldb·2026-06-27·CVSS 7.1
CVE-2026-56043 [HIGH] CusRev Customer Reviews for WooCommerce Plugin up to 5.110.1 on WordPress cross site scripting (EUVD-2026-39704)
A vulnerability identified as problematic has been detected in CusRev Customer Reviews for WooCommerce Plugin up to 5.110.1 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is referenced as CVE-2026-56043. Remote exploitation of the attack is possible. No exploit is available.
GHSA
Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
ghsa_unreviewed·2026-06-26
CVE-2026-56043 [HIGH] CWE-79 Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-26
Published