CVE-2025-31886: 
WordPress vulnerability analysis and mitigation

A Missing Authorization vulnerability (CVE-2025-31886) was discovered in the WordPress plugin 'Social proof testimonials and reviews by Repuso' affecting versions through 5.21. The vulnerability was reported by Peter Thaleikis on February 17, 2025, and was publicly disclosed on April 1, 2025 (Patchstack).

The vulnerability is classified as a Broken Access Control issue (CWE-862) with a CVSS v3.1 Base Score of 4.3 (Medium). The vulnerability vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N, indicating network accessibility, low attack complexity, and low privileges required for exploitation (Patchstack).

The vulnerability allows unprivileged users to execute certain higher privileged actions due to missing authorization, authentication, or nonce token checks. The specific impact is considered low severity and unlikely to be exploited (Patchstack).

The vulnerability has been fixed in version 5.22 of the plugin. Users are advised to update to version 5.22 or later to remove the vulnerability. Patchstack users can enable auto-update functionality for vulnerable plugins (Patchstack).