Reviews And Rating Docplanner
Monthly
Authorization bypass in the Reviews and Rating - Docplanner WordPress plugin (versions ≤ 1.1.4) allows any authenticated subscriber-level user to invoke privileged plugin actions without proper capability checks. Exploitation enables two distinct abuse paths: triggering server-side outbound scraping of attacker-controlled or arbitrary external URLs with results written to the wp_dp_reviews database table, and dispatching feature-request emails impersonating the site administrator's address. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.
Authorization bypass in the Reviews and Rating - Docplanner WordPress plugin (versions ≤ 1.1.4) allows any authenticated subscriber-level user to invoke privileged plugin actions without proper capability checks. Exploitation enables two distinct abuse paths: triggering server-side outbound scraping of attacker-controlled or arbitrary external URLs with results written to the wp_dp_reviews database table, and dispatching feature-request emails impersonating the site administrator's address. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.