This vulnerability in ListingPro Reviews arises from incorrectly configured access control security levels, resulting in missing authorization checks. Specifically, users with low privileges may exploit this flaw to perform unauthorized actions that affect the integrity and availability of the system. The CVSS 3.1 base score is 5.4, reflecting network attack vector, low attack complexity, required privileges, no user interaction, unchanged scope, no confidentiality impact, but low integrity and availability impacts. The issue affects versions before 2.9.11, but no patch or official fix details are available at this time.

Exploitation of this vulnerability could allow an attacker with limited privileges to perform unauthorized actions within the ListingPro Reviews plugin, potentially leading to data integrity issues or denial of service conditions. Confidentiality is not impacted. There are no known exploits in the wild currently.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, review and tighten access control configurations where possible to limit exposure. Monitor for updates from CridioStudio regarding patches or official mitigations.