WordPress Plugin Vulnerabilities

Better Business Reviews < 0.1.2 - Missing Authorization

Description

The Better Business Reviews – Trustpilot WordPress Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 0.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action.

Affects Plugins

Plugin icon
better-business-reviews
Fixed in 0.1.2

References

CVE
CVE-2025-69354
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/4d7b8c5f-3e3d-4ccc-8598-fcb4503c25ea

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Nabil Irawan
Verified
No
WPVDB ID
ca87a14b-f077-4e5f-8691-fae5fa317203

Timeline

Publicly Published
2026-01-09 (about 5 months ago)
Added
2026-01-14 (about 5 months ago)
Last Updated
2026-01-14 (about 5 months ago)

Other

Published
Title
Published
2026-01-16
Title
Community Events < 1.5.7 - Missing Authorization to Unauthenticated Arbitrary Event Approval via 'eventlist' Parameter
Published
2024-04-29
Title
WidgetKit < 2.5.5 - Missing Authorization to Notice Dismissal
Published
2026-04-07
Title
WP Blockade <= 0.9.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Shortcode Execution via 'shortcode' Parameter
Published
2023-12-21
Title
WP Custom Widget Area <= 1.2.5 - Subscriber+ Menus Creation/Deletion/Update
Published
2025-07-10
Title
Wishlist for WooCommerce < 3.2.4 - Missing Authorization