CVE-2023-4686 in WP Customer Reviews Plugin
Summary
by MITRE • 11/22/2023
The WP Customer Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.6.6 via the ajax_enabled_posts function. This can allow authenticated attackers to extract sensitive data such as post titles and slugs, including those of protected and trashed posts and pages in addition to other post types such as galleries.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 04/11/2026
The WP Customer Reviews plugin for WordPress presents a significant security vulnerability classified as CVE-2023-4686, affecting versions up to and including 3.6.6. This vulnerability stems from improper access controls within the ajax_enabled_posts function, which exposes sensitive data through an insecure API endpoint. The flaw allows authenticated attackers to extract post metadata including titles, slugs, and other identifying information from various post types including protected content, trashed posts, and galleries. The vulnerability represents a critical information disclosure issue that undermines the confidentiality of content management systems. According to CWE-200, this weakness falls under information exposure, where sensitive data is accessible to unauthorized parties. The flaw is particularly concerning as it operates within the WordPress ecosystem where content protection mechanisms are expected to function properly.
The technical implementation of this vulnerability occurs through the ajax_enabled_posts function which fails to properly validate user permissions before returning post information. When authenticated attackers make specific AJAX requests to the plugin's endpoint, they can retrieve metadata from posts that should normally be restricted to authorized users only. This includes protected posts that are typically hidden from public view, trashed content that should be inaccessible, and various custom post types such as galleries that may contain sensitive information. The vulnerability essentially bypasses WordPress's built-in access control mechanisms by exposing an API endpoint that should require proper authentication and authorization checks before returning sensitive data. This behavior aligns with ATT&CK technique T1213.002 for data from information repositories, where adversaries access sensitive data through improperly protected interfaces.
The operational impact of this vulnerability extends beyond simple information disclosure, as it can enable attackers to gather intelligence about website content structure and potentially identify other security weaknesses. Attackers can use the exposed post titles and slugs to plan targeted attacks, identify sensitive content, or map out the website's internal structure. The exposure of trashed posts and protected content provides attackers with additional information about the website's content management practices and potentially reveals information about content that was previously considered secure. This vulnerability particularly affects WordPress installations where the WP Customer Reviews plugin is actively used, as it creates a persistent attack surface that remains active until the plugin is updated or the vulnerability is patched. The exposure of multiple post types including galleries suggests that this vulnerability impacts various content management scenarios and could affect websites with complex content structures.
Organizations affected by this vulnerability should immediately update to the latest version of the WP Customer Reviews plugin where the issue has been addressed through proper access control implementation. The recommended mitigation strategy involves not only patching the plugin but also implementing additional monitoring to detect unauthorized access attempts to the vulnerable endpoint. Security teams should review access logs for suspicious AJAX requests and consider implementing rate limiting to prevent automated data extraction attempts. The vulnerability highlights the importance of proper input validation and access control implementation in WordPress plugins, particularly those that expose API endpoints for AJAX functionality. Organizations should also consider implementing network-level protections such as web application firewalls to detect and block requests to known vulnerable endpoints. Additionally, regular security audits of WordPress plugins should include verification of proper access controls and authentication requirements for all API endpoints to prevent similar vulnerabilities from being introduced into the system.