CVE-2024-0836
WordPress Review & Structure Data Schema Plugin – Review Schema <= 2.1.14 - Missing Authorization to Arbitrary Review Update
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify arbitrary reviews.
El complemento WordPress Review & Structure Data Schema Plugin – Review Schema para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificación de capacidad en la función rtrs_review_edit() en todas las versiones hasta la 2.1.14 incluida. Esto hace posible que atacantes autenticados, con acceso a nivel de suscriptor y superior, modifiquen revisiones arbitrarias.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-01-23 CVE Reserved
- 2024-01-30 CVE Published
- 2024-02-08 EPSS Updated
- 2024-10-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-862: Missing Authorization
CAPEC
References (2)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Radiustheme Search vendor "Radiustheme" | Review Schema Search vendor "Radiustheme" for product "Review Schema" | <= 2.1.14 Search vendor "Radiustheme" for product "Review Schema" and version " <= 2.1.14" | wordpress |
Affected
| ||||||