CVE-2026-8499: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in helpfulcrowd Helpfulcrowd Product Reviews
The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the `helpfulcrowd_validate_token()` function using a loose comparison operator (`!=`) instead of a strict comparison (`!==`) when validating the `token` parameter, while the corresponding REST route `/wp-json/helpfulcrowd/v1/update-settings` is registered with a `permission_callback` of `__return_true`, making it reachable by unauthenticated users; submitting a JSON boolean `true` as the `token` value causes PHP's loose comparison to evaluate as equal to the non-empty base64-encoded secret string, bypassing the check entirely. This makes it possible for unauthenticated attackers to invoke `helpfulcrowd_settings_endpoint()` and write arbitrary attacker-controlled key-value pairs directly into the `helpfulcrowd_options` WordPress database option via `update_option()` without any sanitization or allowlist filtering, enabling full unauthenticated modification of the plugin's stored configuration.
AI Analysis
Technical Summary
CVE-2026-8499 describes a vulnerability in the Helpfulcrowd Product Reviews plugin for WordPress where the `helpfulcrowd_validate_token()` function uses a loose comparison (`!=`) instead of a strict comparison (`!==`) to validate a token parameter. The REST route `/wp-json/helpfulcrowd/v1/update-settings` is registered with a permission callback that always returns true, allowing unauthenticated access. By submitting a JSON boolean true as the token, PHP's loose comparison evaluates it as equal to the expected base64-encoded secret string, bypassing authorization. This allows unauthenticated attackers to invoke the settings endpoint and write arbitrary data into the plugin's options in the WordPress database without any sanitization or allowlist filtering.
Potential Impact
An unauthenticated attacker can bypass authorization controls and modify the plugin's configuration settings arbitrarily. This can lead to unauthorized changes in the plugin behavior or stored data integrity issues. The vulnerability does not directly impact confidentiality or availability but allows integrity compromise of plugin settings.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to the affected REST endpoint if possible or disable the Helpfulcrowd Product Reviews plugin. Avoid exposing the vulnerable endpoint to unauthenticated users. Monitor for updates from the vendor regarding an official patch.
CVE-2026-8499: CWE-843 Access of Resource Using Incompatible Type ('Type Confusion') in helpfulcrowd Helpfulcrowd Product Reviews
Description
The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the `helpfulcrowd_validate_token()` function using a loose comparison operator (`!=`) instead of a strict comparison (`!==`) when validating the `token` parameter, while the corresponding REST route `/wp-json/helpfulcrowd/v1/update-settings` is registered with a `permission_callback` of `__return_true`, making it reachable by unauthenticated users; submitting a JSON boolean `true` as the `token` value causes PHP's loose comparison to evaluate as equal to the non-empty base64-encoded secret string, bypassing the check entirely. This makes it possible for unauthenticated attackers to invoke `helpfulcrowd_settings_endpoint()` and write arbitrary attacker-controlled key-value pairs directly into the `helpfulcrowd_options` WordPress database option via `update_option()` without any sanitization or allowlist filtering, enabling full unauthenticated modification of the plugin's stored configuration.
CVSS v3.1
Score 5.3medium
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-8499 describes a vulnerability in the Helpfulcrowd Product Reviews plugin for WordPress where the `helpfulcrowd_validate_token()` function uses a loose comparison (`!=`) instead of a strict comparison (`!==`) to validate a token parameter. The REST route `/wp-json/helpfulcrowd/v1/update-settings` is registered with a permission callback that always returns true, allowing unauthenticated access. By submitting a JSON boolean true as the token, PHP's loose comparison evaluates it as equal to the expected base64-encoded secret string, bypassing authorization. This allows unauthenticated attackers to invoke the settings endpoint and write arbitrary data into the plugin's options in the WordPress database without any sanitization or allowlist filtering.
Potential Impact
An unauthenticated attacker can bypass authorization controls and modify the plugin's configuration settings arbitrarily. This can lead to unauthorized changes in the plugin behavior or stored data integrity issues. The vulnerability does not directly impact confidentiality or availability but allows integrity compromise of plugin settings.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to the affected REST endpoint if possible or disable the Helpfulcrowd Product Reviews plugin. Avoid exposing the vulnerable endpoint to unauthenticated users. Monitor for updates from the vendor regarding an official patch.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Wordfence
- Date Reserved
- 2026-05-13T19:49:04.220Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a279b36e29bf47b50359128
Added to database: 6/9/2026, 4:48:54 AM
Last enriched: 6/9/2026, 5:06:20 AM
Last updated: 6/9/2026, 10:41:46 AM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.