CVE-2024-8200

Name of the Vulnerable Software and Affected Versions: Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress versions up to, and including, 1.1.2

Description: The issue is due to missing or incorrect nonce validation on the update api key function, making it possible for unauthenticated attackers to update an API key via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. This allows attackers to perform unwanted actions on behalf of users.

Recommendations: For versions up to, and including, 1.1.2, update to a patched version immediately to resolve the issue. Additionally, review logs for signs of exploit. As a temporary workaround, consider restricting access to the update api key function until a patch is available.