The changelog for version 5.2.2 of the plugin WP Review is “Fixed vulnerability issue”. While there is also a changelog for version 2.5.1, there was no version submitted between 5.2.0 and 5.2.2 being released, so it hard to be exactly sure what changes are connected in which version. We found one incomplete security change and another change that removed code that could be considered a vulnerability, both involving code in the file /includes/ajax.php. While still reviewing things we got alerted to a thread in WordPress Support Forum that indicates the second issue is being targeted by hackers, though not in a way that seems like it could lead to websites being hacked.

…

[Read more]