Starfish Review Generation and Marketing for WordPress Privilege Escalation Vulnerability
Vulnerability
A vulnerability in the Starfish Review Generation & Marketing for WordPress plugin, affecting all versions through 3.1.19, allows authenticated users with Subscriber-level access and above to bypass capability checks and modify arbitrary site options. This unauthorized data manipulation can lead to privilege escalation by enabling attackers to change the default user role for new registrations to administrator, thereby gaining administrative access on the site.
Impact
Exploitation of this vulnerability could result in unauthorized users gaining administrative privileges on the WordPress site.
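A defender-side check for the escalation path described above, as an added example that is not part of the original advisory: it reads the two core WordPress options involved (`default_role` and `users_can_register`) and lists current administrator accounts for review. It assumes WP-CLI (`wp`) is installed and the script is run from the WordPress root; the function name `assess_registration` is hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): audit the registration settings that
# the described privilege escalation relies on.
# Assumption: WP-CLI ("wp") is installed and this runs from the WordPress root.

# Classify a default_role / users_can_register pair.
# Prints a verdict; returns 0 = ok, 1 = needs review, 2 = critical.
assess_registration() {
    _role=$1
    _can_register=$2
    case "$_role" in
        subscriber)
            echo "OK: default_role is subscriber"
            return 0 ;;
        administrator|editor)
            if [ "$_can_register" = "1" ]; then
                echo "CRITICAL: open registration grants '$_role' to new accounts"
                return 2
            fi
            echo "WARN: default_role is '$_role' (registration currently closed)"
            return 1 ;;
        *)
            echo "WARN: default_role is '$_role'; confirm this is intended"
            return 1 ;;
    esac
}

# Live check, skipped when WP-CLI is not available.
if command -v wp >/dev/null 2>&1; then
    current_role=$(wp option get default_role)
    current_reg=$(wp option get users_can_register)
    assess_registration "$current_role" "$current_reg" || true
    # Review this list for administrator accounts nobody on the team created.
    wp user list --role=administrator --fields=ID,user_login,user_registered
fi
```

Because the flaw allows modification of arbitrary options, a clean result here covers only the escalation path the advisory names, not every option an attacker could have changed.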
Added: Feb 13, 2026, 11:47 PM
Updated: Feb 13, 2026, 11:47 PM
Vulnerability Rating
Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 5.9
remediation: 0.0
relevance: 2.8
threat: 3.2
urgency: 2.9
incentive: 0.0
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
