Rich Reviews <= 1.7.4 - Unauthenticated Plugin Options Update



Description
This issue was found to be actively exploited in the wild by security vendor Wordfence. Refer to the references for further details.

The plugin was removed from the WordPress plugin repository on March 11, 2019.

Affects Plugin

References

URL https://www.wordfence.com/blog/2019/09/rich-reviews-plugin-vulnerability-exploited-in-the-wild/
URL https://wordpress.org/support/topic/plugin-not-supported-open-to-malware-uninstall-now/

Classification

Type BYPASS

Miscellaneous

Views 3689
Verified No
WPVDB ID 9885

Timeline

Publicly Published 2019-09-24 (27 days ago)
Added 2019-09-24 (26 days ago)
Last Updated 2019-09-24 (26 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin