PT-2023-21652 · WordPress · Reviewx

István Márton +1 · Published 2023-06-06 · Updated 2023-06-12 · CVE-2023-2833

CVSS v3.1: 8.8 High · Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: ReviewX plugin for WordPress, versions up to and including 1.6.13

Description: Privilege escalation due to insufficient restriction on the rx_set_screen_options function. An authenticated attacker with minimal permissions, such as a subscriber, can modify their own user role by supplying the wp_screen_options[option] and wp_screen_options[value] parameters during a screen option update. Because the handler neither checks the caller's capability nor restricts which option name and value it accepts, the two parameters that normally carry a per-screen display preference can be pointed at the setting that holds the user's role.

Recommendations: For ReviewX plugin for WordPress versions up to and including 1.6.13. At the time of writing there is no information about a newer version that contains a fix for this vulnerability. Until one is available, either disable the rx_set_screen_options function, or restrict the screen option update feature to nonce-validated requests from users who hold the capability the corresponding admin screen requires, and have the handler accept only an allowlist of option names with type-checked values rather than arbitrary wp_screen_options[option] and wp_screen_options[value] pairs. The CVSS vector is PR:L: any account the site will issue, including a subscriber, is enough, so sites with open registration are the most exposed. After applying a workaround, review recent role changes on low-privileged accounts.
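The following is an added illustration, not code from ReviewX or from this advisory. It shows a screen-options handler written in the pattern the description names (option name and value copied verbatim from wp_screen_options[...] into user meta with no restriction) beside a hardened version that applies the three controls the recommendations call for. All function names, the hook, the option name and the capability are assumptions; the nonce action and field names are the ones WordPress core itself uses for screen options.

```php
<?php
/*
 * Added illustration only. NOT ReviewX code and not the advisory's material:
 * a screen-options handler written in the vulnerable pattern the advisory
 * describes, beside a hardened version. Function names, the hook, the option
 * name and the capability are hypothetical.
 */

/*
 * Vulnerable pattern. Every logged-in user can reach the handler, the request
 * is not tied to a nonce, and the meta key written is whatever the client
 * sent. WordPress keeps a user's roles in the user meta key
 * "{$wpdb->prefix}capabilities" (wp_capabilities on a default install), so a
 * subscriber who chooses both key and value can change their own role.
 */
function example_set_screen_options_vulnerable() {
    if ( empty( $_POST['wp_screen_options'] ) || ! is_array( $_POST['wp_screen_options'] ) ) {
        return;
    }
    $option = $_POST['wp_screen_options']['option']; // attacker-controlled meta key
    $value  = $_POST['wp_screen_options']['value'];  // attacker-controlled meta value
    update_user_meta( get_current_user_id(), $option, $value );
}

/*
 * Hardened handler. Each control is sufficient on its own to stop the role
 * change; together they are defence in depth:
 *  1. nonce check: the request must come from this plugin's own screen-options
 *     form;
 *  2. capability check: the caller must hold the capability the admin screen
 *     itself requires ('manage_options' here is an assumption), so a
 *     subscriber never reaches the write;
 *  3. allowlist plus a type-restricted value: only the one per-page option
 *     this screen owns can be written, and only as a small positive integer,
 *     so even an authorised user cannot name an arbitrary meta key such as
 *     wp_capabilities.
 */
const EXAMPLE_ALLOWED_SCREEN_OPTIONS = array( 'example_reviews_per_page' ); // hypothetical option

function example_set_screen_options_hardened() {
    if ( empty( $_POST['wp_screen_options'] ) || ! is_array( $_POST['wp_screen_options'] ) ) {
        return;
    }

    check_admin_referer( 'screen-options-nonce', 'screenoptionnonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    $option = isset( $_POST['wp_screen_options']['option'] )
        ? sanitize_key( wp_unslash( $_POST['wp_screen_options']['option'] ) )
        : '';
    if ( ! in_array( $option, EXAMPLE_ALLOWED_SCREEN_OPTIONS, true ) ) {
        return; // unknown option name: refuse the write
    }

    $value = isset( $_POST['wp_screen_options']['value'] )
        ? absint( $_POST['wp_screen_options']['value'] )
        : 0;
    if ( $value < 1 || $value > 999 ) {
        return; // out of range for a per-page setting: refuse the write
    }

    update_user_meta( get_current_user_id(), $option, $value );
}

// Hook the hardened handler early in the admin request, before the screen renders.
add_action( 'admin_init', 'example_set_screen_options_hardened' );
```

A plugin usually does not need its own handler at all: WordPress core's set_screen_options() already performs the nonce check and writes an option it does not recognise only when a set-screen-option or set_screen_option_{$option} filter explicitly returns a value for it, so registering a per-page option through that filter gets the allowlist for free. Whichever route is taken, the property to verify is that a request from a subscriber-level account carrying wp_screen_options[option]=wp_capabilities leaves that user's role unchanged.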

Exploit

Weakness Enumeration: Improper Privilege Management (CWE-269)

Related Identifiers: CVE-2023-2833

Affected Products: Reviewx