CVE Catalog

CVE-2026-8499

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.05%

15th percentile - higher than 15% of all known CVEs

Summary

The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to and including 1.2.9. The `helpfulcrowd_validate_token()` function uses a loose comparison operator, allowing unauthenticated users to modify plugin settings.

Risk Assessment

The organization is at risk of unauthorized changes to the plugin's configuration, potentially leading to serious security and data integrity issues.

Recommendation

It is recommended to update the plugin to the latest version to mitigate this vulnerability and implement additional security measures, such as restricting access to the REST API.

Original NVD description (English source)

The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the `helpfulcrowd_validate_token()` function using a loose comparison operator (`!=`) instead of a strict comparison (`!==`) when validating the `token` parameter, while the corresponding REST route `/wp-json/helpfulcrowd/v1/update-settings` is registered with a `permission_callback` of `__return_true`, making it reachable by unauthenticated users; submitting a JSON boolean `true` as the `token` value causes PHP's loose comparison to evaluate as equal to the non-empty base64-encoded secret string, bypassing the check entirely. This makes it possible for unauthenticated attackers to invoke `helpfulcrowd_settings_endpoint()` and write arbitrary attacker-controlled key-value pairs directly into the `helpfulcrowd_options` WordPress database option via `update_option()` without any sanitization or allowlist filtering, enabling full unauthenticated modification of the plugin's stored configuration.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS