CVE-2024-0836

Name of the Vulnerable Software and Affected Versions The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress versions up to, and including, 2.1.14

Description The issue allows authenticated attackers with subscriber-level access and above to modify arbitrary reviews due to a missing capability check on the rtrs review edit() function. This enables unauthorized modification of data.

Recommendations For versions up to, and including, 2.1.14, update to a version higher than 2.1.14 to resolve the issue. As a temporary workaround, consider restricting access to the rtrs review edit() function to prevent unauthorized data modification.