Skip to main content

Reviews And Rating Docplanner

1 CVEs product

Monthly

CVE-2026-9619 MEDIUM This Month

Authorization bypass in the Reviews and Rating - Docplanner WordPress plugin (versions ≤ 1.1.4) allows any authenticated subscriber-level user to invoke privileged plugin actions without proper capability checks. Exploitation enables two distinct abuse paths: triggering server-side outbound scraping of attacker-controlled or arbitrary external URLs with results written to the wp_dp_reviews database table, and dispatching feature-request emails impersonating the site administrator's address. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Authentication Bypass WordPress Reviews And Rating Docplanner
NVD
CVSS 3.1
4.3
EPSS
0.3%
EPSS 0% CVSS 4.3
MEDIUM This Month

Authorization bypass in the Reviews and Rating - Docplanner WordPress plugin (versions ≤ 1.1.4) allows any authenticated subscriber-level user to invoke privileged plugin actions without proper capability checks. Exploitation enables two distinct abuse paths: triggering server-side outbound scraping of attacker-controlled or arbitrary external URLs with results written to the wp_dp_reviews database table, and dispatching feature-request emails impersonating the site administrator's address. No public exploit code has been identified at time of analysis, and this CVE is not listed in the CISA KEV catalog.

Authentication Bypass WordPress Reviews And Rating Docplanner
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy