Impact
A missing authorization flaw in the WordPress plugin Repuso Social proof testimonials and reviews by Repuso allows an attacker to bypass the intended access controls. The weakness is classified as CWE-862 (Missing Authorization): the plugin fails to enforce required permissions and permits reading or modifying testimonial content that should be protected. The impact is a direct loss of confidentiality and integrity of user-generated testimonials, as well as the potential display of inappropriate or tampered content on the site.
Affected Systems
The vulnerability affects the Repuso Social proof testimonials and reviews by Repuso plugin in all releases from the initial public version up through 5.21. Any WordPress site running one of these versions is potentially exposed.
Risk and Exploitability
The CVSS score of 4.3 places the issue in the medium severity range. The EPSS score of less than 1% indicates a low likelihood of exploitation at the current time, and the vulnerability is not listed in the CISA KEV catalog. The likely attack path runs through the WordPress administrative interface or through any authenticated user role that the plugin exposes; the flaw permits unauthorized access to testimonial data without requiring special privileges beyond what the plugin expects. Because the weakness is a broken access control issue, attackers could read or modify testimonial content if they can interact with the plugin's backend endpoints.