WEB APPLICATION VULNERABILITIES Standard & Premium

WordPress Plugin Starfish Review Generation & Marketing for WordPress Security Bypass (2.0.0)

Description

WordPress Plugin Starfish Review Generation & Marketing for WordPress is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently perform a variety of the plugin's actions or even take over a website. WordPress Plugin Starfish Review Generation & Marketing for WordPress version 2.0.0 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 2.0.1 or latest

References

https://www.pluginvulnerabilities.com/2019/02/26/hackers-are-probably-already-exploiting-this-authenticated-option-update-vulnerability-just-fixed-in-freemius/

https://github.com/Freemius/wordpress-sdk/commit/50a7ca3d921d59e1d2b39bb6ab3c6c7efde494b8

https://plugins.svn.wordpress.org/starfish-reviews/trunk/readme.txt

Related Vulnerabilities

WordPress Plugin WP Photo Album Plus Cross-Site Request Forgery (4.8.11)

WordPress Plugin Chained Quiz Cross-Site Scripting (1.1.9)

WordPress Plugin Woocommerce Product Designer Arbitrary File Upload (3.0.3)

WordPress Plugin Login Security Solution Multiple Unspecified Vulnerabilities (0.50.0)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-6388)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass