Description
Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BizReview: from n/a through <= 1.5.13.
Published: 2026-04-08
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized Access
Action: Immediate Patch
AI Analysis

Impact

The BizReview WordPress plugin contains a missing authorization flaw that lets an attacker bypass required access controls. This broken access control can be used to view, add, edit, or delete review content and potentially manipulate other plugin data without proper user permissions, effectively compromising confidentiality and integrity of site content.

Affected Systems

The vulnerability affects all installations of the Foysal Imran BizReview plugin from the initial release through version 1.5.13. Any WordPress site that has installed these versions is potentially exposed, regardless of the WordPress core version. The plugin’s publicly accessible endpoints are the likely points of exploitation.

Risk and Exploitability

The flaw is a classic broken access control scenario (CWE‑862). While CVSS and EPSS metrics are not available, the impact is high because an attacker can gain privileged operations without authentication. The attack vector is inferred to be remote, via HTTP requests to plugin endpoints that should otherwise be secured. No official KEV listing is present, but the absence of a patch means the risk remains significant for all affected sites.

Generated by OpenCVE AI on April 8, 2026 at 09:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the BizReview plugin to the newest available release that resolves the authorization issue.
  • If no patch has been released, disable or uninstall the plugin until a fix is provided.
  • Apply access restrictions to plugin URLs using server‑level rules or a security plugin to ensure only authenticated users can reach sensitive endpoints.
  • Monitor access logs for anomalous activity and review user permissions to mitigate potential abuse.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 19:45:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Foysal Imran; Foysal Imran bizreview; Wordpress; Wordpress wordpress

Type: Vendors & Products
Values Removed: (none)
Values Added: Foysal Imran; Foysal Imran bizreview; Wordpress; Wordpress wordpress

Wed, 08 Apr 2026 08:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: Missing Authorization vulnerability in Foysal Imran BizReview bizreview allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BizReview: from n/a through <= 1.5.13.

Type: Title
Values Removed: (none)
Values Added: WordPress BizReview plugin <= 1.5.13 - Broken Access Control vulnerability

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-862

Type: References

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-08T08:30:22.616Z

Reserved: 2026-04-07T10:48:55.140Z

Link: CVE-2026-39606

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-08T09:16:29.890

Modified: 2026-04-08T21:26:35.910

Link: CVE-2026-39606

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-08T19:42:11Z

Weaknesses