Impact
The CVE describes a missing authorization flaw in WP Google Review Slider. The flaw permits an attacker to perform actions that should be restricted, such as viewing, editing, or deleting review data, by exploiting incorrectly configured access control levels. This can lead to unauthorized modification of content or disabling of the review feature, compromising the integrity of the site’s review system.
Affected Systems
The vulnerability affects the WordPress plugin WP Google Review Slider (author jgwhite33). All releases from the earliest available version up to and including 17.4 are susceptible. Sites still running a release earlier than 17.5 are at risk.
Risk and Exploitability
The CVSS base score is 5.4, placing the issue in the moderate severity range. The EPSS score indicates that the likelihood of public exploitation is less than 1%, and the vulnerability is not yet listed in CISA’s KEV catalog. The likely attack vector is through the plugin’s exposed administration interface or REST endpoints, where an authenticated user or an attacker with access to the admin area can trigger the unauthorized actions described. While exploitation does not appear to require additional system privileges, it relies on the plugin’s default configuration being overly permissive.