CVE-2024-0836: 
WordPress vulnerability analysis and mitigation

The WordPress Review & Structure Data Schema Plugin (Review Schema) contains a vulnerability tracked as CVE-2024-0836, discovered in versions up to and including 2.1.14. The vulnerability stems from a missing capability check in the rtrs_review_edit() function, which allows authenticated attackers with subscriber-level access or higher to modify arbitrary reviews without proper authorization (NVD).

The vulnerability is classified as a Missing Authorization issue (CWE-862) with a CVSS v3.1 base score of 4.3 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, required low privileges, no user interaction, unchanged scope, no impact on confidentiality, low impact on integrity, and no impact on availability (NVD).

The vulnerability allows authenticated attackers with subscriber-level access or higher to modify arbitrary reviews within the WordPress installation. This unauthorized modification capability could lead to content manipulation and potential reputation damage for the affected website (NVD).

Website administrators should update the Review Schema plugin to a version newer than 2.1.14 which contains the security fix. The vulnerability was addressed by implementing proper capability checks on the rtrs_review_edit() function (Wordfence).