WordPress Plugin 'WP Product Review' Allows Unauthenticated Data Exposure

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

WordPress Plugin 'WP Product Review' Allows Unauthenticated Data Exposure

CGA-rq3j-hw6w-7wc2

Summary

A security issue exists in the WP Product Review plugin that can allow an attacker to access sensitive information without needing a login. This plugin is commonly used on WordPress websites. We recommend updating the WP Product Review plugin to the latest version to prevent potential data exposure.

What to do

Update chainguard aws-ebs-csi-driver-fips-1.56 to version 1.56.0-r3.
Update chainguard flux-fips-2.8 to version 2.8.1-r4.
Update chainguard victoriametrics to version 1.137.0-r2.
Update wolfi victoriametrics to version 1.137.0-r2.
Update chainguard victoriametrics-fips to version 1.137.0-r1.
Update chainguard victoriametrics-vmalert-fips to version 1.137.0-r1.
Update chainguard victoriametrics-vmagent-fips to version 1.137.0-r1.
Update chainguard amazon-k8s-cni-fips to version 1.22.0-r1.
Update chainguard amazon-k8s-cni-init-fips to version 1.22.0-r1.
Update chainguard gitlab-container-registry-fips-18.9 to version 18.9.1-r1.
Update chainguard gitlab-shell-fips-18.9 to version 18.9.1-r1.
Update chainguard steampipe to version 2.4.0-r2.
Update chainguard victoriametrics-vmauth-fips to version 1.137.0-r1.
Update wolfi steampipe to version 2.4.0-r2.
Update chainguard librechat to version 0.8.3-r0.

Affected software

Vendor	Product	Affected versions	Fix available
chainguard	aws-ebs-csi-driver-fips-1.56	<= 1.56.0-r3	1.56.0-r3
chainguard	flux-fips-2.8	<= 2.8.1-r4	2.8.1-r4
chainguard	aws-ebs-csi-driver-fips-1.56	<= 1.56.0-r3	1.56.0-r3
chainguard	flux-fips-2.8	<= 2.8.1-r4	2.8.1-r4
chainguard	gitlab-logger-fips-18.7	All versions	0
chainguard	gitlab-logger-fips-18.8	All versions	0
chainguard	gitlab-logger-fips-18.9	All versions	0
chainguard	victoriametrics	<= 1.137.0-r2	1.137.0-r2
wolfi	victoriametrics	<= 1.137.0-r2	1.137.0-r2
chainguard	gitlab-logger-fips-18.9	All versions	0
chainguard	victoriametrics	<= 1.137.0-r2	1.137.0-r2
wolfi	victoriametrics	<= 1.137.0-r2	1.137.0-r2
chainguard	boringssl-fips-static-2023042800-tools	All versions	0
chainguard	boringssl-fips-static-20240407-tools	All versions	0
chainguard	renovate	All versions	0
chainguard	victoriametrics-fips	<= 1.137.0-r1	1.137.0-r1
chainguard	victoriametrics-vmalert-fips	<= 1.137.0-r1	1.137.0-r1
wolfi	renovate	All versions	0
chainguard	boringssl-fips-static-2023042800-tools	All versions	0
chainguard	boringssl-fips-static-20240407-tools	All versions	0
chainguard	renovate	All versions	0
chainguard	victoriametrics-fips	<= 1.137.0-r1	1.137.0-r1
chainguard	victoriametrics-vmalert-fips	<= 1.137.0-r1	1.137.0-r1
wolfi	renovate	All versions	0
chainguard	chainguard-partners-demo	All versions	0
chainguard	victoriametrics-vmagent-fips	<= 1.137.0-r1	1.137.0-r1
chainguard	chainguard-partners-demo	All versions	0
chainguard	victoriametrics-vmagent-fips	<= 1.137.0-r1	1.137.0-r1
chainguard	amazon-k8s-cni-fips	<= 1.22.0-r1	1.22.0-r1
chainguard	amazon-k8s-cni-init-fips	<= 1.22.0-r1	1.22.0-r1
chainguard	gitlab-container-registry-fips-18.9	<= 18.9.1-r1	18.9.1-r1
chainguard	gitlab-shell-fips-18.9	<= 18.9.1-r1	18.9.1-r1
chainguard	steampipe	<= 2.4.0-r2	2.4.0-r2
chainguard	victoriametrics-vmauth-fips	<= 1.137.0-r1	1.137.0-r1
wolfi	steampipe	<= 2.4.0-r2	2.4.0-r2
chainguard	amazon-k8s-cni-fips	<= 1.22.0-r1	1.22.0-r1
chainguard	amazon-k8s-cni-init-fips	<= 1.22.0-r1	1.22.0-r1
chainguard	gitlab-container-registry-fips-18.9	<= 18.9.1-r1	18.9.1-r1
chainguard	gitlab-shell-fips-18.9	<= 18.9.1-r1	18.9.1-r1
chainguard	steampipe	<= 2.4.0-r2	2.4.0-r2
chainguard	victoriametrics-vmauth-fips	<= 1.137.0-r1	1.137.0-r1
wolfi	steampipe	<= 2.4.0-r2	2.4.0-r2
chainguard	librechat	<= 0.8.3-r0	0.8.3-r0
chainguard	librechat	<= 0.8.3-r0	0.8.3-r0

Original title

CGA-rq3j-hw6w-7wc2

Published: 10 Mar 2026 · Updated: 13 Mar 2026 · First seen: 10 Mar 2026