
CVE-2025-58667: CWE-862 Missing Authorization in CridioStudio ListingPro Reviews

Severity: Medium
Tags: Vulnerability, CVE-2025-58667, cve, cve-2025-58667, cwe-862
Published: Mon Sep 22 2025 (09/22/2025, 18:22:57 UTC)
Source: CVE Database V5
Vendor/Project: CridioStudio
Product: ListingPro Reviews

Description

Missing Authorization vulnerability in CridioStudio ListingPro Reviews allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ListingPro Reviews: from n/a through 1.6.

AI-Powered Analysis

Last updated: 09/30/2025, 01:18:06 UTC

Technical Analysis

CVE-2025-58667 is a Missing Authorization vulnerability (CWE-862) identified in the ListingPro Reviews component developed by CridioStudio. This vulnerability arises due to incorrectly configured access control security levels, allowing users with limited privileges (PR:L - privileges required: low) to perform actions or access resources beyond their authorization scope without requiring user interaction (UI:N). The vulnerability affects ListingPro Reviews versions up to 1.6, though exact affected versions are unspecified (noted as 'n/a'). The CVSS 3.1 base score is 5.4 (medium severity), with an attack vector of network (AV:N), low attack complexity (AC:L), privileges required low (PR:L), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), low integrity impact (I:L), and low availability impact (A:L). This indicates that an attacker with limited privileges, such as a registered user, can exploit the vulnerability remotely to perform unauthorized actions that may alter data integrity and availability of the ListingPro Reviews system. Since ListingPro is a WordPress-based directory and review management plugin widely used for business listings, this vulnerability could allow malicious actors to manipulate review data, potentially altering or deleting reviews, or otherwise impacting the trustworthiness and availability of the review system. No known exploits are currently reported in the wild, and no patches have been linked yet, suggesting that the vulnerability is newly disclosed and may require immediate attention from administrators. The root cause is an access control misconfiguration, meaning that the system fails to properly verify whether a user is authorized to perform certain actions within the ListingPro Reviews module, leading to privilege escalation or unauthorized data manipulation risks.

Potential Impact

For European organizations using ListingPro Reviews, this vulnerability poses a risk to the integrity and availability of their online business listings and review data. Manipulation or deletion of reviews can damage business reputations, mislead customers, and reduce trust in the platform. This can have direct financial impacts, especially for SMEs relying on positive reviews for customer acquisition. Additionally, availability impacts may disrupt service continuity, affecting user experience and potentially leading to loss of revenue. Since the vulnerability requires only low privileges and no user interaction, it can be exploited remotely by authenticated users, increasing the risk of insider threats or compromised accounts being leveraged. Given the GDPR environment in Europe, unauthorized data manipulation could also raise compliance concerns if personal data or user-generated content is affected, potentially leading to regulatory scrutiny or penalties. The absence of known exploits currently provides a window for proactive mitigation, but organizations should act swiftly to prevent exploitation once public awareness grows.

Mitigation Recommendations

1. Immediate review and tightening of access control policies within the ListingPro Reviews plugin configuration to ensure that only authorized roles can perform sensitive actions such as modifying or deleting reviews.
2. Restrict user roles and permissions in WordPress to the minimum necessary, avoiding granting unnecessary privileges to users who do not require them.
3. Monitor logs for unusual activity related to review modifications or deletions to detect potential exploitation attempts early.
4. Implement multi-factor authentication (MFA) for all users with any level of privilege to reduce risk from compromised accounts.
5. Regularly update the ListingPro Reviews plugin and WordPress core as soon as patches become available from CridioStudio or trusted security sources.
6. Consider deploying a Web Application Firewall (WAF) with custom rules to detect and block suspicious requests targeting review modification endpoints.
7. Conduct internal security audits and penetration tests focusing on access control mechanisms in the ListingPro environment to identify and remediate any other potential weaknesses.
8. Educate administrators and users on the importance of strong credentials and monitoring for suspicious activity related to reviews.


Technical Details

Data Version: 5.1
Assigner Short Name: Patchstack
Date Reserved: 2025-09-03T09:03:35.443Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 68d194d1a6a0abbafb7a3cc0

Added to database: 9/22/2025, 6:26:25 PM

Last enriched: 9/30/2025, 1:18:06 AM

Last updated: 10/7/2025, 1:52:02 PM
