Description
The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger outbound scraping of external websites and write scraped review data into the wp_dp_reviews database table, as well as send feature-request emails from the site administrator's email address.
Published: 2026-06-24
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Reviews and Rating – Docplanner plugin for WordPress contains an authorization check flaw that allows an attacker who has logged in with a subscriber role or higher to perform actions that should be restricted. By exploiting the sync_reviews AJAX endpoint, the attacker can cause the plugin to scrape external websites and write the retrieved review data into the wp_dp_reviews database table. The same endpoint also enables the attacker to send feature‑request emails that appear to originate from the site administrator’s address. This vulnerability compromises the integrity of review data and creates a vector for phishing and social‑engineering attacks.

Affected Systems

WordPress sites running any version of the Reviews and Rating – Docplanner plugin up to and including 1.1.4 are affected. Any account with at least subscriber-level privileges can trigger the flaw; installations without such accounts are not exposed to it.

Risk and Exploitability

The CVSS score of 4.3 indicates moderate severity. The EPSS score is not available, so the exploitation likelihood cannot be quantified, but the low bar of subscriber-level authentication elevates the risk. The vulnerability is not listed in the CISA KEV catalog. Attackers must first authenticate to the WordPress site; once authenticated, they can invoke the exposed sync_reviews endpoint to perform unauthorized actions without any further privileges.

Generated by OpenCVE AI on June 24, 2026 at 09:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Reviews and Rating – Docplanner plugin to version 1.1.5 or later, in which the authorization check has been fixed.
  • If upgrading is not possible, remove or restrict the sync_reviews AJAX action for subscribers and higher roles: add a capability check, or use a custom code snippet that unregisters the action when the request comes from a user with insufficient privileges.
  • Audit the wp_dp_reviews database table for unexpected entries and delete any records that appear to have been inserted by external scraping; restore from a clean backup if one is available.
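As an added illustration of the second action above (this is not the plugin's code and is not part of the OpenCVE record), the following must-use plugin blocks the AJAX action for callers who lack an administrative capability before the plugin's own handler runs. It assumes the handler is attached to the standard wp_ajax_sync_reviews hook (the WordPress hook name that the sync_reviews action name on this page maps to) at the default priority 10, and it assumes manage_options is the right capability for a review-synchronisation task; both are assumptions, not facts from the advisory.

```php
<?php
/**
 * Plugin Name: sync_reviews capability guard (hypothetical mu-plugin)
 *
 * Added example, not code from the Reviews and Rating - Docplanner plugin.
 * Place this file in wp-content/mu-plugins/ so WordPress loads it automatically.
 *
 * Assumptions (not confirmed by the advisory):
 *  - the vulnerable handler listens on 'wp_ajax_sync_reviews' at priority 10,
 *    which is how WordPress dispatches admin-ajax.php?action=sync_reviews;
 *  - only administrators (manage_options) should be able to run the sync.
 */

if ( ! defined( 'ABSPATH' ) ) {
    exit; // never execute outside WordPress
}

/**
 * Registered at priority 1, so it runs before the plugin's callback.
 * wp_send_json_error() writes a JSON body and then calls wp_die(), which
 * terminates the request; the later, unprotected callback never executes.
 */
function dp_guard_sync_reviews() {
    if ( current_user_can( 'manage_options' ) ) {
        return; // privileged caller: let the plugin's handler proceed
    }

    // Record the blocked attempt so repeated probing is visible in the PHP error log.
    $remote = isset( $_SERVER['REMOTE_ADDR'] )
        ? sanitize_text_field( wp_unslash( $_SERVER['REMOTE_ADDR'] ) )
        : 'unknown';
    error_log( sprintf(
        'sync_reviews blocked: user_id=%d remote=%s',
        get_current_user_id(),
        $remote
    ) );

    wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
}
add_action( 'wp_ajax_sync_reviews', 'dp_guard_sync_reviews', 1 );
```

The guard only closes the missing-authorization gap (CWE-862) described on this page; it does not add the nonce check a proper handler would also perform, because the nonce action name the plugin uses is not known from the record. Remove the file once the fixed plugin version is installed.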



Advisories

No advisories yet.

History

Wed, 24 Jun 2026 13:30:00 +0000

Type: Metrics ssvc
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 06:30:00 +0000

Type: Description
Values Added: The Reviews and Rating – Docplanner plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 1.1.4. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger outbound scraping of external websites and write scraped review data into the wp_dp_reviews database table, as well as send feature-request emails from the site administrator's email address.

Type: Title
Values Added: Reviews and Rating <= 1.1.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via sync_reviews AJAX Action

Type: Weaknesses
Values Added: CWE-862

Type: References

Type: Metrics cvssV3_1
Values Added: {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}



MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-06-24T12:16:46.596Z

Reserved: 2026-05-26T16:40:59.190Z

Link: CVE-2026-9619

Vulnrichment

Updated: 2026-06-24T12:16:13.312Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-24T10:00:05Z

Weaknesses