13 matches found
CVE-2024-8199
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updateapikey' function in all versions up to, and including, 1.1.2. This make...
CVE-2024-8199 Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updateapikey' function in all versions up to, and including, 1.1.2. This make...
CVE-2024-8199
CVE-2024-8199 affects the WordPress plugin “Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More.” The issue is a missing capability check in update_api_key, present in all versions up to 1.1.2, allowing authenticated attackers with Subscriber-leve...
CVE-2024-8200 Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Cross-Site Request Forgery
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'updateapikey'...
CVE-2024-8200
CVE-2024-8200 concerns the WordPress plugin “Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More.” Connected sources confirm a CSRF vulnerability caused by missing or incorrect nonce validation in the update_api_key function, affecting all version...
WordPress Reviews Feed plugin <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Limited Settings Update vulnerability discovered by Sajjad Ahmad jacksparrow in WordPress Plugin Reviews Feed versions <= 1.1.2...
WordPress Reviews Feed plugin <= 1.1.2 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Sajjad Ahmad jacksparrow in WordPress Plugin Reviews Feed versions <= 1.1.2...
WordPress plugin Reviews Feed security vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Reviews Feed Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Reviews Feed; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: 1.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-8200; Patch priority: Low; CVSS severity: Low (4.3); PSID: d47df2666851; Credits: Sajjad Ahmad jacksparro...
PT-2024-38871 · WordPress · Reviews Feed – Add Testimonials/Customer Reviews From Google Reviews
Name of the Vulnerable Software and Affected Versions: Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is due to missing or incorrect nonce validation on the upda...
WordPress plugin Reviews Feed security vulnerability
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-38870 · WordPress · Reviews Feed – Add Testimonials/Customer Reviews From Google Reviews
Name of the Vulnerable Software and Affected Versions: Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress versions 1.1.2 and earlier Description: The issue is related to a missing capability check on the update api key...
WordPress Reviews Feed Plugin <= 1.1.2 is vulnerable to Broken Access Control
Software: Reviews Feed; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: 1.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-8199; Patch priority: Low; CVSS severity: Low (4.3); PSID: eb3754a5f963; Credits: Sajjad Ahmad jacksparrow; Required...