WordPress Plugin Vulnerabilities

Rich Reviews < 1.8.0 - Unauthenticated Plugin Options Update

Description

This issue was found to be actively exploited in the wild by security vendor Wordfence. Refer to the references for further details.

Affects Plugins

Plugin icon
rich-reviews
Fixed in 1.8.0

References

URL
https://www.wordfence.com/blog/2019/09/rich-reviews-plugin-vulnerability-exploited-in-the-wild/
URL
https://wordpress.org/support/topic/plugin-not-supported-open-to-malware-uninstall-now/

Miscellaneous

Verified
No
WPVDB ID
81bdc004-9b9c-49e2-b337-35a6d8395c5d

Timeline

Publicly Published
2019-09-24 (about 6 years ago)
Added
2019-09-24 (about 6 years ago)
Last Updated
2019-11-28 (about 6 years ago)

Other

Published
Title
Published
2015-03-12
Title
Custom Field Suite <= 2.4 - Insufficient Authorisation
Published
2023-10-03
Title
Captcha/Honeypot for Contact Form 7 < 1.11.4 - Captcha Bypass
Published
2025-09-19
Title
WP Private Content Plus <= 3.6.2 - Password Protection Bypass
Published
2024-02-01
Title
UserPro < 5.1.7 - Disabled Membership Registration Bypass
Published
2020-08-21
Title
WooCommerce - NAB Transact < 2.1.2 - Payment Bypass