CVE-2025-3063
📋 TL;DR
The Shopper Approved Reviews WordPress plugin versions 2.0-2.1 contain a privilege escalation vulnerability where authenticated users with Subscriber-level access can modify WordPress site options. This allows attackers to change the default user registration role to administrator and enable user registration, granting full administrative control. All WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- Shopper Approved Reviews WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover with administrative access, data theft, malware injection, and defacement.
Likely Case
Attacker creates an administrator account and gains full control of the WordPress site, and potentially of the underlying server.
If Mitigated
Limited impact if proper access controls, monitoring, and network segmentation are in place.
🎯 Exploit Status
Exploitation requires authenticated access (Subscriber role or higher). Public exploit code exists in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.2
Vendor Advisory: https://plugins.trac.wordpress.org/browser/shopperapproved-reviews/trunk/shopperapproved.php#L154
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins > Installed Plugins
3. Find Shopper Approved Reviews plugin
4. Click 'Update Now' if available
5. Alternatively, download version 2.2 or later from the WordPress plugin repository
6. Deactivate and delete old version, then install new version
🔧 Temporary Workarounds
Disable vulnerable plugin (applies to: all)
Temporarily deactivate the Shopper Approved Reviews plugin until it is patched:
wp plugin deactivate shopperapproved-reviews
Restrict user registration (applies to: all)
Ensure user registration ("Anyone can register") is disabled in the WordPress general settings, so that a changed default role cannot be used to self-register an administrator.
🧯 If You Can't Patch
- Remove Subscriber and higher role access from untrusted users
- Implement web application firewall rules to block suspicious AJAX requests to vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Shopper Approved Reviews for version number. Versions 2.0-2.1 are vulnerable.
Check Version:
wp plugin get shopperapproved-reviews --field=version
Verify Fix Applied:
Confirm plugin version is 2.2 or higher. Test that non-admin users cannot modify site options.
📡 Detection & Monitoring
Log Indicators:
- Unusual AJAX requests to admin-ajax.php with action=update_sa_option
- User role changes from Subscriber to Administrator
- New administrator account creation
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with update_sa_option parameter
SIEM Query:
source="wordpress.log" AND "admin-ajax.php" AND "update_sa_option"
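As an added example (not part of the original advisory), a small Python detector that applies the log indicators above to web-server access logs. The combined log format is an assumption, and the sample log lines are constructed; the action name update_sa_option is the one named in the indicators.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access-log format (assumed); sample lines are constructed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2025:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=update_sa_option HTTP/1.1" 200 17 "-" "curl/8.4"
203.0.113.5 - - [10/Apr/2025:12:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=update_sa_option HTTP/1.1" 200 17 "-" "curl/8.4"
198.51.100.7 - - [10/Apr/2025:12:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 42 "https://example.com/wp-admin/" "Mozilla/5.0"
203.0.113.5 - - [10/Apr/2025:12:00:09 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 1234 "-" "curl/8.4"
"""

SUSPICIOUS_ACTION = "update_sa_option"  # AJAX action named in the advisory's indicators

def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def find_suspicious(log_text):
    """Return parsed records for admin-ajax.php requests carrying the vulnerable action.
    Access logs only show the query string; an action sent in the POST body needs a
    WAF or application-level log (as in the SIEM query above) to be visible."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec:
            continue
        parts = urlsplit(rec["url"])
        if not parts.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        actions = parse_qs(parts.query).get("action", [])
        if SUSPICIOUS_ACTION in actions:
            hits.append(rec)
    return hits

def hits_per_client(log_text):
    """Count suspicious calls per source IP to prioritise which client to investigate."""
    return Counter(rec["ip"] for rec in find_suspicious(log_text))

if __name__ == "__main__":
    for ip, n in hits_per_client(SAMPLE_LOG).items():
        print(f"{ip}: {n} call(s) to admin-ajax.php with action={SUSPICIOUS_ACTION}")
```

Correlate any hit with the user-role and new-administrator indicators listed above before treating it as confirmed exploitation.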