CVE-2025-9899

Name of the Vulnerable Software and Affected Versions Trust Reviews plugin for WordPress versions prior to 1.0

Description The software is susceptible to Cross-Site Request Forgery (CSRF). This is due to missing or incorrect nonce validation in the feed save function. An unauthenticated attacker can create or modify feed entries by forging a request, provided they can trick a site administrator into performing an action, such as clicking a link.

Recommendations Update to a version newer than 1.0.