CVE-2023-49832
Description
Missing Authorization vulnerability in Gemini Labs Site Reviews site-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through <= 6.10.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <= 6.10.2
Patches
Vulnerability mechanics
Root cause
"Missing authorization check in the Site Reviews plugin allows unauthenticated access to restricted functionality."
Attack vector
An unauthenticated attacker can exploit the missing authorization vulnerability [CWE-862] in the Site Reviews plugin to perform unauthorized actions. The CVSS vector indicates network-based exploitation with low complexity and no privileges required [ref_id=1]. The impact is limited to integrity (low) with no confidentiality or availability impact.
Affected code
The advisory identifies the Site Reviews plugin (site-reviews) for WordPress, versions through 6.10.2, as affected. The vulnerability is a missing authorization check that allows exploiting incorrectly configured access control security levels.
What the fix does
The advisory does not include a patch diff. The recommended remediation is to update the Site Reviews plugin to a version newer than 6.10.2 where the missing authorization check is corrected. Without a published patch, the exact code change cannot be described.
Preconditions
- configThe Site Reviews plugin version 6.10.2 or earlier must be installed and active on a WordPress site.
- authNo authentication is required; the attacker can be unauthenticated.
- networkThe attacker must be able to send HTTP requests to the WordPress site.
Generated on Jun 18, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1News mentions
0No linked articles in our index yet.