VYPR
Unrated severity · NVD Advisory · Published Sep 23, 2022 · Updated Apr 28, 2026

WordPress Customer Reviews for WooCommerce plugin <= 5.3.5 - Authenticated Broken Access Control vulnerability

CVE-2022-38134

Description

Authenticated (subscriber+) Broken Access Control vulnerability in Customer Reviews for WooCommerce plugin <= 5.3.5 at WordPress.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Any authenticated user with the subscriber role or higher can exploit missing authorization checks in Customer Reviews for WooCommerce <= 5.3.5 to perform actions that should be reserved for shop managers or administrators.

Vulnerability

The Customer Reviews for WooCommerce plugin for WordPress, versions 5.3.5 and earlier, contains a broken access control vulnerability. In WordPress terms this means at least one code path reachable by a logged-in user (typically an admin-ajax.php action or an admin-post handler) verifies only that the caller is authenticated, not that the caller holds a capability such as manage_woocommerce, so a subscriber-level account reaches functionality intended for shop managers or administrators. The public description does not name the affected function or action [1][2].
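To make the pattern concrete, the following is an added illustration, not code from the Customer Reviews for WooCommerce plugin (whose affected function the advisory does not name): a WordPress admin-ajax handler that checks only for a login, beside its hardened form. The action name example_reviews_save_settings, the option key example_reviews_settings, the script handle example-reviews-admin and the choice of manage_woocommerce as the gating capability are assumptions for the example; manage_woocommerce is the capability WooCommerce grants to shop managers and administrators.

```php
<?php
/**
 * Added illustration of the "authenticated (subscriber+) broken access control"
 * pattern in a WordPress AJAX handler. Not code from the Customer Reviews for
 * WooCommerce plugin; the action, option and script names are assumptions.
 */

// --- Vulnerable pattern -------------------------------------------------
// wp_ajax_{action} fires for ANY logged-in user, subscribers included.
// The handler trusts the login alone and never asks whether the caller is
// allowed to change plugin settings.
function example_reviews_save_settings_vulnerable() {
    $settings = array(
        'enable_reviews' => ! empty( $_POST['enable_reviews'] ),
        'notify_email'   => isset( $_POST['notify_email'] )
            ? sanitize_email( wp_unslash( $_POST['notify_email'] ) )
            : '',
    );
    update_option( 'example_reviews_settings', $settings ); // assumed option key
    wp_send_json_success( $settings );
}
add_action( 'wp_ajax_example_reviews_save_settings', 'example_reviews_save_settings_vulnerable' );

// --- Hardened pattern ---------------------------------------------------
// 1. check_ajax_referer() defeats CSRF against a privileged user; on a missing
//    or stale nonce it calls wp_die( -1, 403 ) and nothing below runs.
// 2. current_user_can() is the authorization check the vulnerable handler
//    lacks: a subscriber is logged in but does not hold manage_woocommerce.
// Both run before any input is read or any state is changed.
function example_reviews_save_settings_hardened() {
    check_ajax_referer( 'example_reviews_settings', 'nonce' );

    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    $settings = array(
        'enable_reviews' => ! empty( $_POST['enable_reviews'] ),
        'notify_email'   => isset( $_POST['notify_email'] )
            ? sanitize_email( wp_unslash( $_POST['notify_email'] ) )
            : '',
    );
    if ( '' !== $settings['notify_email'] && ! is_email( $settings['notify_email'] ) ) {
        wp_send_json_error( array( 'message' => 'Invalid e-mail address.' ), 400 );
    }

    update_option( 'example_reviews_settings', $settings );
    wp_send_json_success( $settings );
}
add_action( 'wp_ajax_example_reviews_save_settings_v2', 'example_reviews_save_settings_hardened' );

// The legitimate admin UI receives its nonce only when it is rendered for a
// user who already holds the capability (assumes the 'example-reviews-admin'
// script handle is registered elsewhere in the plugin).
function example_reviews_enqueue_admin_script() {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        return;
    }
    wp_localize_script( 'example-reviews-admin', 'exampleReviews', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_reviews_settings' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_reviews_enqueue_admin_script' );
```

Against the vulnerable handler, any logged-in user can POST action=example_reviews_save_settings&enable_reviews=0 to /wp-admin/admin-ajax.php with their own session cookies and succeed. Against the hardened one the same request dies at the nonce check, and a request carrying a nonce scraped from a page the subscriber can see still fails at current_user_can. Both checks are needed: current_user_can alone leaves CSRF against an administrator, and check_ajax_referer alone leaves the original bug, because a subscriber can obtain a nonce of their own wherever the plugin prints one for low-privilege users.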

Exploitation

An attacker needs nothing more than a valid WordPress account with the subscriber role (or any higher role); on sites with open registration, anyone can create one. Using the session cookies from that login, the attacker sends an HTTP request directly to the affected handler. No user interaction, no second vulnerability and no access to a privileged page is required. The public description does not include the request details, so no exploit steps are reproduced here [2].

Impact

The impact depends on which handler lacks the check, which the description does not state. For a review-management plugin the realistic targets are the review records themselves (creating, editing or deleting reviews) and the plugin's configuration, so the exposure is primarily to integrity, with a confidentiality component if non-public settings can be read. This page carries no severity rating for the CVE, so triage it on its precondition: a subscriber account is the only thing the attacker needs [2].

Mitigation

The vulnerability is fixed in version 5.3.6 of the plugin; update to 5.3.6 or later. No vendor workaround is published. Until the update is applied, reduce exposure by closing open registration (Settings > General, "Anyone can register") and reviewing existing low-privilege accounts, since the attack requires an authenticated account. Blocking admin-ajax.php at a WAF is not a substitute: the affected action is not named, and legitimate users depend on that endpoint. The plugin is actively maintained, and the vendor has released a patch [1][2].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 2

Patches: 0 (no patch commits discovered yet)

Vulnerability mechanics: not yet synthesized for this CVE

References: 2

News mentions: 0 (no linked articles in the index yet)