WordPress Plugin Vulnerabilities

Google Review Slider < 17.6 - Missing Authorization

Description

The WP Google Review Slider plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 17.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
wp-google-places-review-slider
Fixed in 17.6

References

CVE
CVE-2025-66063
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/9e4a1671-56aa-4003-bed7-b793d14522d7

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nabil Irawan
Verified
No
WPVDB ID
1ecb4157-7322-4cab-acdc-eef9da2b8d8e

Timeline

Publicly Published
2025-11-14 (about 6 months ago)
Added
2025-11-25 (about 5 months ago)
Last Updated
2025-11-25 (about 5 months ago)

Other

Published
Title
Published
2026-02-19
Title
Nanosoft < 1.3.2 - Missing Authorization
Published
2024-12-23
Title
Print Invoice & Delivery Notes for WooCommerce < 5.4.1 - Missing Authorization to Authenticated (Subscriber+) Logo Deletion
Published
2025-02-14
Title
Media Library Folders < 8.3.1 - Missing Authorization to Plugin Settings Change
Published
2025-01-14
Title
NitroPack < 1.17.6 - Subscriber+ Limited Options Update
Published
2025-09-22
Title
Trustpilot Reviews < 3.6.0 - Missing Authorization