PT-2024-18360 · WordPress · Wp Customer Reviews

Dmitry Ignatyev · Published 2024-04-08 · Updated 2025-05-08 · CVE-2024-1849

CVSS v3.1: 5.4 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: WP Customer Reviews versions prior to 3.7.1

Description: The WP Customer Reviews WordPress plugin does not validate a parameter, which allows users with the contributor role and above to redirect a page to a malicious URL. This exposes WordPress sites running the plugin to malicious redirects, which attackers can use to reroute unsuspecting users.

Recommendations: For versions prior to 3.7.1, update to version 3.7.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable parameter to minimize the risk of exploitation. Avoid using the vulnerable parameter in the affected plugin until the issue is resolved.

Related Identifiers

CVE-2024-1849

Affected Products

Wp Customer Reviews