CVE-2025-15157
📋 TL;DR
This vulnerability in the Starfish Review Generation & Marketing WordPress plugin allows authenticated attackers with Subscriber-level access or higher to modify WordPress site options without proper authorization. Attackers can change the default user registration role to administrator and enable user registration, gaining administrative access to vulnerable WordPress sites. All WordPress sites using this plugin version 3.1.19 or earlier are affected.
💻 Affected Systems
- Starfish Review Generation & Marketing for WordPress
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise where attackers gain administrative access, install backdoors, steal data, deface the site, or use it for further attacks.
Likely Case
Attackers gain administrative access to vulnerable WordPress sites, potentially compromising sensitive data and site integrity.
If Mitigated
Limited impact if proper access controls, monitoring, and network segmentation are in place to detect and contain unauthorized changes.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once an attacker has valid credentials. The vulnerability is well-documented with public technical details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.1.20 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/starfish-reviews/tags/3.1.20/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Starfish Review Generation & Marketing'. 4. Click 'Update Now' if update is available. 5. Alternatively, download version 3.1.20+ from WordPress plugin repository and manually update.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily disable the Starfish Review plugin until patched
wp plugin deactivate starfish-reviews
Restrict user registration
allDisable user registration in WordPress settings to prevent attacker account creation
🧯 If You Can't Patch
- Implement strict access controls and monitor for unauthorized option changes
- Remove Subscriber and other low-privilege user accounts or restrict their capabilities
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for Starfish Review plugin version 3.1.19 or earlierCheck Version:
wp plugin get starfish-reviews --field=versionVerify Fix Applied:
Verify plugin version is 3.1.20 or later in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- Unauthorized option changes in WordPress logs
- Unexpected user role changes from Subscriber to Administrator
- Suspicious AJAX requests to starfish-ajax-callbacks.action.php
Network Indicators:
- Unusual POST requests to /wp-admin/admin-ajax.php with action=srm_restore_options_defaults
SIEM Query:
source="wordpress.log" AND ("option_name"="default_role" OR "option_name"="users_can_register") AND "option_value"="administrator"