WordPress Plugin Vulnerabilities

Site Reviews < 6.10.3 - Missing Authorization

Description

The Site Reviews plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'assignPost' and 'unassignPost' functions in versions up to, and including, 6.10.2. This makes it possible for authenticated attackers to assign and unassign posts to reviews.

Affects Plugins

Plugin icon
site-reviews
Fixed in 6.10.3

References

URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/1accc41e-41d2-49e3-a80a-6b95b02cb42e

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.4 (Medium)

Miscellaneous

Verified
No
WPVDB ID
5cb5c88c-2065-4497-bbba-a68ae6a2a65a

Timeline

Publicly Published
2023-08-29 (about 2 years ago)
Added
2023-11-24 (about 2 years ago)
Last Updated
2023-11-28 (about 2 years ago)

Other

Published
Title
Published
2025-12-31
Title
My Sticky Elements < 2.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Bulk Lead Deletion
Published
2026-03-16
Title
Royal Addons for Elementor < 1.7.1050 - Unauthenticated Custom Post Type Contents Exposure
Published
2025-02-19
Title
LTL Freight Quotes – GlobalTranz Edition < 2.3.13 - Missing Authorization to Unauthenticated Settings Update
Published
2025-03-18
Title
FoodBakery | Delivery Restaurant Directory WordPress Theme < 4.8 - Missing Authorization in Multiple Functions
Published
2023-12-16
Title
SpeedyCache < 1.1.4 - Missing Authorization to Plugin Options Update