User Feedback
Monthly
Missing authorization in Syed Balkhi User Feedback plugin versions up to 1.10.1 allows authenticated users to access sensitive feedback data and functionalities they should not have permission to view or modify, due to incorrectly configured access control security levels. With CVSS 4.3 and EPSS 0.02%, this represents a low-probability real-world exploitation risk, though it affects WordPress installations using this plugin.
Blind SQL injection in User Feedback WordPress plugin (versions ≤1.10.1) allows authenticated attackers with low privileges to extract database contents through malicious SQL queries. The vulnerability enables cross-scope exploitation with high confidentiality impact and limited availability disruption. EPSS probability is low (0.02%, 6th percentile), no public exploit identified at time of analysis, and exploitation requires authenticated access with low attack complexity.
Missing authorization in Syed Balkhi User Feedback plugin versions up to 1.10.1 allows authenticated users to access sensitive feedback data and functionalities they should not have permission to view or modify, due to incorrectly configured access control security levels. With CVSS 4.3 and EPSS 0.02%, this represents a low-probability real-world exploitation risk, though it affects WordPress installations using this plugin.
Blind SQL injection in User Feedback WordPress plugin (versions ≤1.10.1) allows authenticated attackers with low privileges to extract database contents through malicious SQL queries. The vulnerability enables cross-scope exploitation with high confidentiality impact and limited availability disruption. EPSS probability is low (0.02%, 6th percentile), no public exploit identified at time of analysis, and exploitation requires authenticated access with low attack complexity.