{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-25318", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2026-02-02T12:20:47.811Z", "datePublished": "2026-02-19T08:26:54.880Z", "dateUpdated": "2026-04-28T16:14:54.811Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wiser-review", "product": "WiserReview Product Reviews for WooCommerce", "vendor": "Wisernotify team", "versions": [{"changes": [{"at": "3.0", "status": "unaffected"}], "lessThanOrEqual": "2.9", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:05:03.697Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9.</p>"}], "value": "Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:54.811Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/wiser-review/vulnerability/wordpress-wiserreview-product-reviews-for-woocommerce-plugin-2-9-broken-access-control-vulnerability?_s_id=cve"}], "title": "WordPress WiserReview Product Reviews for WooCommerce plugin <= 2.9 - Broken Access Control vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-19T20:30:03.349584Z", "id": "CVE-2026-25318", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T12:56:11.977Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-25318", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-19T20:30:03.349584Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-19T20:29:27.376Z"}}], "cna": {"title": "WordPress WiserReview Product Reviews for WooCommerce plugin <= 2.9 - Broken Access Control vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Legion Hunter | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Wisernotify team", "product": "WiserReview Product Reviews for WooCommerce", "versions": [{"status": "affected", "changes": [{"at": "3.0", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "2.9"}], "packageName": "wiser-review", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-28T13:26:39.600Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/wiser-review/vulnerability/wordpress-wiserreview-product-reviews-for-woocommerce-plugin-2-9-broken-access-control-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T12:10:49.085Z"}}}, "cveMetadata": {"cveId": "CVE-2026-25318", "state": "PUBLISHED", "dateUpdated": "2026-04-28T12:56:11.977Z", "dateReserved": "2026-02-02T12:20:47.811Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-19T08:26:54.880Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Wisernotify team WiserReview Product Reviews for WooCommerce wiser-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserReview Product Reviews for WooCommerce: from n/a through <= 2.9."}, {"lang": "es", "value": "Vulnerabilidad de autorizaci\u00f3n faltante en el equipo Wisernotify WiserReview Product Reviews para WooCommerce wiser-review permite la explotaci\u00f3n de niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WiserReview Product Reviews para WooCommerce: desde n/a hasta &lt;= 2.9."}], "id": "CVE-2026-25318", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-19T09:16:16.063", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/wiser-review/vulnerability/wordpress-wiserreview-product-reviews-for-woocommerce-plugin-2-9-broken-access-control-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.9]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "3.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "WiserReview Product Reviews for WooCommerce", "source": "cna", "vendor": "Wisernotify team"}, "product": "wiserreview_product_reviews_for_woocommerce", "vendor": "wisernotify_team"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-16T06:36:42.841881+00:00", "value": {"mitigation_remediation": ["Update the WiserReview plugin to the latest version available from the vendor (3.0 or later).", "Restrict WordPress role permissions so that only trusted administrators or editors can manage reviews; use a role\u2011editing plugin if necessary.", "Configure the server (e.g., .htaccess or site firewall) to block direct access to review\u2011management URLs for non\u2011authenticated users."], "summary": {"action": "Apply Patch", "impact": "Broken Access Control leading to unauthorized access or modification of product reviews"}, "threat_synthesis": {"affected_systems": "WordPress sites running the WiserReview Product Reviews for WooCommerce plugin version 2.9 or earlier are affected. No specific sub\u2011versions are enumerated, so any installation of the plugin up to and including 2.9 is vulnerable.", "description_and_impact": "The vulnerability arises from a missing authorization check in the Wisernotify team WiserReview Product Reviews for WooCommerce plugin. The flaw allows an attacker to exploit incorrectly configured access control security levels, potentially viewing or altering product review data without permission. The impact is confined to the review subsystem but could undermine the integrity and trust of user-generated content.", "risk_and_exploitability": "The CVSS score of 4.3 indicates a low to moderate severity, while the EPSS score of less than 1% suggests a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. The likely attack vector is web\u2011based, requiring an attacker to authenticate or bypass the review management interface, as the description indicates a broken access control flaw. The exploit would grant unauthorized access to review content but does not appear to allow remote code execution or system compromise beyond the plugin\u2019s scope."}}}}, "created": "2026-02-20T10:09:05.408029+00:00", "updated": "2026-04-16T06:45:16.312872+00:00", "vendors": ["wisernotify_team", "wisernotify_team$PRODUCT$wiserreview_product_reviews_for_woocommerce", "wordpress", "wordpress$PRODUCT$wordpress"]}