WordPress · Rate Star Review Vote · CVE-2026-4301
**Name of the Vulnerable Software and Affected Versions**
Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings, all versions prior to 1.6.5
**Description**
The plugin contains a missing authorization flaw in the `vwrsr_review()` AJAX handler, which performs neither a capability check nor nonce verification and relies only on an is-logged-in check. When the `form` parameter is set to `update`, the function takes an arbitrary post ID from the `rating_id` GET parameter and passes it to `wp_update_post()`. This allows authenticated attackers with Subscriber-level access or higher to overwrite a target post's title, content, author, status, and post type. In addition, `update_post_meta()` is called against the same arbitrary post ID, so the post's metadata can be modified as well, enabling full post content takeover.
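The pattern behind this class of flaw, as an added illustration that is not the plugin's code: a handler gated only by `is_user_logged_in()` next to a hardened version that adds `check_ajax_referer()`, a post-type scope check, a per-object `current_user_can()` check and a field allow-list. The hook names, the `vwrsr_review_vuln` / `vwrsr_review_fixed` function names, the `vwrsr_review` post type, the `vwrsr_rating` meta key and the request field names are assumptions made for the example.

```php
<?php
/**
 * Added illustration of the flaw class described above. This is NOT the
 * plugin's source: handler bodies, hook names, field names, the meta key
 * and the 'vwrsr_review' post type are assumptions made for the example.
 */

// ---- Vulnerable pattern: a logged-in check is not an authorization check ----
add_action( 'wp_ajax_vwrsr_review_vuln', 'vwrsr_review_vuln' );

function vwrsr_review_vuln() {
    // Any authenticated user (Subscriber and up) passes this gate.
    if ( ! is_user_logged_in() ) {
        wp_send_json_error( 'login required', 401 );
    }
    // No check_ajax_referer(): the request can also be forged cross-site.

    $form = isset( $_POST['form'] ) ? sanitize_text_field( wp_unslash( $_POST['form'] ) ) : '';
    if ( 'update' === $form ) {
        // The post ID comes straight from the query string. Nothing ties it to the
        // caller or to the plugin's own objects, so any post or page on the site qualifies.
        $post_id = isset( $_GET['rating_id'] ) ? absint( $_GET['rating_id'] ) : 0;

        wp_update_post( array(
            'ID'           => $post_id,
            'post_title'   => sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) ),
            'post_content' => wp_kses_post( wp_unslash( $_POST['content'] ?? '' ) ),
            'post_author'  => absint( $_POST['author'] ?? 0 ),
            'post_status'  => sanitize_key( $_POST['status'] ?? 'publish' ),
            'post_type'    => sanitize_key( $_POST['type'] ?? 'post' ),
        ) );
        // Same unchecked ID reused for metadata.
        update_post_meta( $post_id, 'vwrsr_rating', absint( $_POST['rating'] ?? 0 ) );
        wp_send_json_success();
    }
    wp_send_json_error( 'bad request', 400 );
}

// ---- Hardened pattern: nonce + object scope + per-object capability + allow-list ----
add_action( 'wp_ajax_vwrsr_review_fixed', 'vwrsr_review_fixed' );

function vwrsr_review_fixed() {
    // 1. CSRF: the nonce must have been issued for this action via
    //    wp_create_nonce( 'vwrsr_review' ) and sent in the 'nonce' field.
    check_ajax_referer( 'vwrsr_review', 'nonce' );

    $post_id = isset( $_GET['rating_id'] ) ? absint( $_GET['rating_id'] ) : 0;
    $post    = get_post( $post_id );

    // 2. Scope: only the plugin's own review objects may be touched, never arbitrary posts.
    if ( ! $post || 'vwrsr_review' !== $post->post_type ) {
        wp_send_json_error( 'not a review', 404 );
    }

    // 3. Authorization: a per-object capability. WordPress maps 'edit_post' through the
    //    post type's capability_type, so a session alone is not enough; the caller must
    //    hold the edit capability for this specific post.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $form = isset( $_POST['form'] ) ? sanitize_text_field( wp_unslash( $_POST['form'] ) ) : '';
    if ( 'update' !== $form ) {
        wp_send_json_error( 'bad request', 400 );
    }

    // 4. Allow-list: author, status and post type are never taken from the request.
    wp_update_post( array(
        'ID'           => $post_id,
        'post_title'   => sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) ),
        'post_content' => wp_kses_post( wp_unslash( $_POST['content'] ?? '' ) ),
    ) );
    update_post_meta( $post_id, 'vwrsr_rating', min( 5, absint( $_POST['rating'] ?? 0 ) ) );
    wp_send_json_success();
}
```

The three added checks are independent and each closes a different gap: the nonce stops cross-site forgery, the post-type check stops the handler from being turned against unrelated posts, and the per-object capability check is what actually distinguishes a Subscriber from an author or editor. Note that `wp_send_json_error()` terminates the request, so none of the guarded code runs after a failed check.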
**Recommendations**
Update to version 1.6.5 or later.