The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what user transient is being used in the login() function and not properly verifying the user's identity. This makes it possible for unauthenticated attackers to log in as user that has dismissed an admin notice in the past 30 days, which is often an administrator. Alternatively, a user can log in as any user with any transient that has a valid user_id as the value, though it would be more difficult to exploit this successfully.
The plugin does not properly verify which user transient is being used in the login() function, nor does it properly verify user identity. An attacker without any privileges can log in as a user who has rejected an administrative notification within the last 30 days — most often this is an administrator. Alternatively, it is possible to log in as any user if the attacker has a transient containing the correct user_id as a value, although this path is more difficult to exploit.
An attacker can take control of a WordPress administrator account or other user account, leading to complete website takeover — including content modification, installation of malicious plugins, and data breach.
The WooCommerce Photo Reviews Premium plugin must be updated immediately to a version higher than 1.3.13.2. Patches available from the vendor should be applied according to references.
WooCommerce Photo Reviews Premium plugin for WordPress in all versions up to and including 1.3.13.2.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HVillatheme Woocommerce Photo Reviews
APPVillatheme< 1.3.14
Related vulnerabilities
Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium pl...
The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which ...
The W2S – Migrate WooCommerce to Shopify plugin for WordPress is vulnerable to Arbitrary File Read in all vers...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaThe...
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to miss...