WDesignKit WordPress Plugin Missing Authorization Vulnerability in Review Submission Function

Vulnerability

A missing authorization vulnerability has been identified in the WDesignKit WordPress plugin (Elementor and Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder), affecting versions through 1.2.16. The issue is in the wdkit_handle_review_submission function, which does not verify that the caller is authorized before performing its action. As a result, unauthenticated attackers can send feedback data to external services.

Impact

Exploitation of this vulnerability allows for unauthorized submission of feedback data to external services, potentially leading to misuse of the collected information.

Remediation

Users can update to version 1.2.17 or a newer patched version to address this vulnerability.
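
To confirm whether an installed copy still needs this update, the check below reads the Version field from a plugin header and compares it with 1.2.17. It is an added example, not code from the plugin or from this advisory's publisher; it assumes the standard WordPress plugin header format and that you pass the path of the plugin's main PHP file yourself, and the sample header is constructed.

```python
import re
import sys

FIXED = (1, 2, 17)  # first patched release named in the advisory

# Constructed sample header for illustration; not copied from the plugin.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: WDesignKit
 * Version: 1.2.16
 */
"""

def header_version(php_source):
    """Return the 'Version:' field of a WordPress plugin header, or None."""
    m = re.search(r"^[ \t/*#@]*Version:[ \t]*(\S+)", php_source,
                  re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None

def parse_version(text):
    """'1.2.16' -> (1, 2, 16); stops at the first part with no leading digits."""
    parts = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)

def is_affected(php_source):
    """True below 1.2.17, False at or above it, None if no version is readable."""
    raw = header_version(php_source)
    version = parse_version(raw) if raw else ()
    if not version:
        return None  # unknown: treat as needing manual review, not as safe
    width = max(len(version), len(FIXED))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(version) < pad(FIXED)

if __name__ == "__main__":
    # Assumed usage: pass the path of the plugin's main PHP file.
    source = open(sys.argv[1], encoding="utf-8", errors="replace").read() \
        if len(sys.argv) > 1 else SAMPLE_HEADER
    verdict = {True: "AFFECTED: update to 1.2.17 or later",
               False: "patched", None: "version unreadable: check manually"}
    print(verdict[is_affected(source)])
```

An unreadable version returns None rather than False, so a missing or altered header is flagged for manual review instead of being reported as patched.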

Added: Oct 4, 2025, 3:19 AM
Updated: Oct 4, 2025, 3:19 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 8.1
remediation: 7.7
relevance: 0.6
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.