PT-2026-39948 · WordPress · Rate Star Review Vote
Cipher Forensic
·
Published
2026-05-12
·
Updated
2026-05-12
·
CVE-2026-4301
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings versions prior to 1.6.5
Description
The plugin contains a missing authorization flaw in the
vwrsr review() AJAX handler, which lacks capability checks and nonce verification, relying only on a check to see if the user is logged in. When the form parameter is set to 'update', the function uses an arbitrary post ID provided via the rating id GET parameter and passes it to wp update post(). This allows authenticated attackers with Subscriber-level access or higher to overwrite a target post's title, content, author, status, and post type. Furthermore, the update post meta() function is used to modify the metadata of the arbitrary post, enabling full post content takeover.Recommendations
Update to a version later than 1.6.4.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Rate Star Review Vote