CVE-2024-8199

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Aug 27, 2024
Updated: Aug 30, 2024
CWE ID 862

Summary

CVE-2024-8199 is a vulnerability in the "Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More" plugin for WordPress, affecting all versions up to 1.1.2. The flaw is a missing capability check in the 'update_api_key' function, which permits authenticated attackers with Subscriber-level access or higher to modify API Key options. It is rated medium risk (CVSS base score of 4.3) because of its low attack complexity and the Subscriber-level privileges it requires, and it can allow unauthorized data changes without user interaction. Organizations using this plugin should apply the available patches. Failure to remediate could lead to integrity issues within their systems as attackers exploit this weakness.
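The missing-authorization pattern (CWE-862) described above, shown beside a hardened handler. This is an added illustration, not the plugin's code: it assumes the function is reached through a `wp_ajax_` hook, and the hook, function, nonce, and option names are hypothetical.

```php
<?php
// Hypothetical plugin code. The hook, function, nonce and option names are
// illustrative assumptions, not taken from the Reviews Feed plugin.

// BEFORE: missing authorization (CWE-862). wp_ajax_* hooks fire for every
// logged-in user, Subscribers included, and nothing here checks the caller.
function example_update_api_key_vulnerable() {
    $key = isset( $_POST['api_key'] )
        ? sanitize_text_field( wp_unslash( $_POST['api_key'] ) )
        : '';
    update_option( 'example_api_key', $key );
    wp_send_json_success();
}

// AFTER: the same handler with a nonce check and a capability check.
function example_update_api_key_hardened() {
    // CSRF protection: terminates the request with a 403 if the nonce is
    // invalid. A nonce is not an authorization control on its own, because
    // any user who is shown the form also receives a valid nonce.
    check_ajax_referer( 'example_update_api_key', 'nonce' );

    // Authorization: only users who may manage site options can proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $key = isset( $_POST['api_key'] )
        ? sanitize_text_field( wp_unslash( $_POST['api_key'] ) )
        : '';
    if ( '' === $key ) {
        wp_send_json_error( array( 'message' => 'Missing api_key' ), 400 );
    }

    update_option( 'example_api_key', $key );
    wp_send_json_success();
}

// Register only the hardened handler.
add_action( 'wp_ajax_example_update_api_key', 'example_update_api_key_hardened' );
```

When reviewing other plugins for the same weakness, look for `wp_ajax_` callbacks that reach `update_option()` with no `current_user_can()` call on the path.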
