WordPress Plugin Vulnerabilities

Plugin for Google Reviews < 2.2.3 - Subscriber+ Widget Creation

Description

The plugin does not have proper authorisation when creating widgets, which could allow users with a role as low as subscriber to create widgets

Affects Plugins

Plugin icon
widget-google-reviews
Fixed in 2.2.3

References

CVE
CVE-2022-45369

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Tien Nguyen Anh
Verified
No
WPVDB ID
1b417345-1345-4ca0-b6b0-98df0f1f3fa4

Timeline

Publicly Published
2022-11-18 (about 3 years ago)
Added
2022-11-19 (about 3 years ago)
Last Updated
2022-11-19 (about 3 years ago)

Other

Published
Title
Published
2026-02-13
Title
MailChimp Campaigns <= 3.2.4 - Missing Authorization to Authenticated (Subscriber+) MailChimp App Disconnection
Published
2026-01-30
Title
Serious Slider < 1.3.0 - Missing Authorization
Published
2023-08-24
Title
Secure Admin IP <= 2.0 - Missing Authorization via 'saveSettings'
Published
2025-01-16
Title
User Sync ActiveCampaign <= 1.3.2 - Missing Authorization
Published
2025-11-03
Title
Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One 2.0.7 - 2.3.0 - Missing Authorization to Authenticated (Subscriber+) Post Creation