
16 matches found

RedhatCVE
added 2026/01/25 9:16 a.m. · 11 views

CVE-2026-1076

The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...

4.3 CVSS · 5.5 AI score · 0.00158 EPSS
Exploits 0 · References 1

Cvelist
added 2026/01/24 7:26 a.m. · 29 views

CVE-2026-1076 Star Review Manager <= 1.2.2 - Cross-Site Request Forgery to Settings Update

The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...

4.3 CVSS · 0.00158 EPSS
Exploits 0 · References 3

CVE
added 2026/01/24 7:26 a.m. · 14 views

CVE-2026-1076

CVE-2026-1076: The Star Review Manager WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) due to missing nonce validation on the settings page. This enables unauthenticated attackers to forge requests to update the plugin’s CSS settings if a site administrator is tricked into per...

4.3 CVSS · 5.5 AI score · 0.00158 EPSS
Exploits 0 · References 3

ATTACKERKB
added 2026/01/24 7:26 a.m. · 4 views

CVE-2026-1076

The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...

4.3 CVSS · 5.8 AI score · 0.00158 EPSS
Exploits 0 · References 4

Patchstack
added 2026/01/24 3:9 a.m. · 8 views

WordPress Star Review Manager plugin <= 1.2.2 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by afnaan - SMKN 1 Bantul in WordPress Plugin Star Review Manager versions <= 1.2.2...

4.3 CVSS · 5.5 AI score · 0.00158 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2026/01/24 12:0 a.m. · 4 views

WordPress plugin Star Review Manager has a cross-site request forgery vulnerability.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3 CVSS · 5.7 AI score · 0.00158 EPSS
Exploits 0 · References 4

Positive Technologies
added 2026/01/24 12:0 a.m. · 9 views

PT-2026-4580

The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...

4.3 CVSS · 5.5 AI score · 0.00158 EPSS
Exploits 0 · References 4

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-9203

Malicious code in bioql PyPI...

5.3 CVSS · 6.6 AI score · 0.00392 EPSS
Exploits 0 · References 2

RedhatCVE
added 2025/04/03 4:3 p.m. · 7 views

CVE-2025-31836

Missing Authorization vulnerability in matthewrubin Review Manager review-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Review Manager: from n/a through = 2.6.0...

5.3 CVSS · 7.3 AI score · 0.00392 EPSS
Exploits 0 · References 1

Patchstack
added 2025/04/01 4:1 p.m. · 3 views

WordPress Review Manager plugin <= 2.5.0 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by LVT-tholv2k in WordPress Plugin Review Manager versions <= 2.5.0...

5.3 CVSS · 8.4 AI score · 0.00392 EPSS
Exploits 0 · Affected Software 1

NVD
added 2025/04/01 3:16 p.m. · 6 views

CVE-2025-31836

Missing Authorization vulnerability in matthewrubin Review Manager review-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Review Manager: from n/a through = 2.5.0...

5.3 CVSS · 0.00392 EPSS
Exploits 0 · References 1

Vulnrichment
added 2025/04/01 2:51 p.m. · 8 views

CVE-2025-31836 WordPress Review Manager Plugin <= 2.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in matthewrubin Review Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Review Manager: from n/a through 2.2.0...

5.3 CVSS · 7.1 AI score · 0.00392 EPSS
Exploits 0 · References 1

Cvelist
added 2025/04/01 2:51 p.m. · 22 views

CVE-2025-31836 WordPress Review Manager plugin <= 2.5.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in matthewrubin Review Manager review-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Review Manager: from n/a through = 2.5.0...

5.3 CVSS · 0.00392 EPSS
Exploits 0 · References 1

CVE
added 2025/04/01 2:51 p.m. · 52 views

CVE-2025-31836

CVE-2025-31836 corresponds to a Missing Authorization vulnerability in Review Manager (WordPress plugin) affecting Review Manager v2.0 through v2.2.0. Connected sources indicate a CVSSv3.1 base score of 5.3 (Medium) with NETWORK attack vector, LOW attack complexity, no user interaction, and no co...

5.3 CVSS · 8.5 AI score · 0.00392 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/04/01 12:0 a.m. · 2 views

PT-2025-14215 · Unknown · Review Manager

Name of the Vulnerable Software and Affected Versions: matthewrubin Review Manager versions n/a through 2.2.0 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions n/...

5.3 CVSS · 6.1 AI score · 0.00392 EPSS
Exploits 0 · References 3

CNNVD
added 2025/04/01 12:0 a.m. · 3 views

WordPress plugin Review Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.3 CVSS · 6.3 AI score · 0.00392 EPSS
Exploits 0 · References 2