Social proof testimonials and reviews by Repuso < 5.00 – Missing Authorization | CVE 2023-46196 | Plugin Vulnerabilities

Description

The Social proof testimonials and reviews by Repuso plugin for WordPress is vulnerable to unauthorized access of data due to missing capability checks on several functions hooked via AJAX actions in versions up to, and including, 4.97. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve information about the plugin.

Affects Plugins

social-testimonials-and-reviews-widget

Fixed in 5.00

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/ec311df2-33af-4b91-80a1-252d934c7f61

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Abdi Pranata

Verified

No

WPVDB ID

300c80dc-a032-4f75-916e-37f2cfb3938d

Timeline

Publicly Published

2023-10-18 (about 2 years ago)

Added

2023-11-23 (about 2 years ago)

Last Updated

2024-01-12 (about 2 years ago)

Other

Published

Title

Published

2025-02-13

Title

Event Tickets and Registration < 5.19.1.2 - Missing Authorization to Ticket Deletion

Published

2024-02-09

Title

NextMove Lite < 2.18.0 - Subscriber+ Arbitrary Plugin Installation/Activation

Published

2024-04-15

Title

GG Woo Feed for WooCommerce Shopping Feed < 1.2.7 - Missing Authorization

Published

2026-02-18

Title

TrueBooker < 1.1.7 - Missing Authorization

Published

2025-03-25

Title

WP Compress < 6.30.16 - Authenticated (Subscriber+) Missing Authorization via Multiple Functions