WordPress Plugin Vulnerabilities

5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg < 1.3.02 - Missing Authorization

Description

The 5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in all versions up to, and including, 1.2.67. This makes it possible for unauthenticated attackers to perform unauthorized actions.

Affects Plugins

Plugin icon
5-stars-rating-funnel
Fixed in 1.3.02

References

CVE
CVE-2024-31358
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/caf879a7-650e-4c70-b23a-51cac00f0cc6

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Emili Castells
Verified
No
WPVDB ID
c5e33fb9-47c5-45c4-99df-baa592d4a347

Timeline

Publicly Published
2024-04-08 (about 2 years ago)
Added
2024-04-16 (about 2 years ago)
Last Updated
2024-04-16 (about 2 years ago)

Other

Published
Title
Published
2025-09-03
Title
Support Genix < 1.4.24 - Missing Authorization
Published
2026-02-11
Title
Perfect Portfolio < 1.2.5 - Missing Authorization
Published
2025-02-19
Title
LTL Freight Quotes – GlobalTranz Edition < 2.3.13 - Missing Authorization to Unauthenticated Settings Update
Published
2026-02-10
Title
Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) < 4.9.61 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion
Published
2026-02-18
Title
NM Gift Registry and Wishlist Lite < 5.14 - Missing Authorization