CVE-2025-9899: 
WordPress vulnerability analysis and mitigation

The Trust Reviews plugin for WordPress (versions up to and including 1.0) has been identified with a Cross-Site Request Forgery (CSRF) vulnerability, assigned CVE-2025-9899. The vulnerability was discovered and disclosed on September 26, 2025. This security issue affects the plugin's functionality that handles reviews from platforms including Google, Tripadvisor, Yelp, and Airbnb (NVD Database).

The vulnerability stems from missing or incorrect nonce validation in the feed_save function. The CVSS v3.1 base score is 6.1 (MEDIUM) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. The vulnerability is classified as CWE-352 (Cross-Site Request Forgery) (NVD Database, Tenable CVE).

If successfully exploited, this vulnerability allows unauthenticated attackers to create or modify feed entries through forged requests. The impact is considered medium severity, with potential for both confidentiality and integrity breaches, though no direct impact on availability has been identified (NVD Database).

Website administrators running the Trust Reviews plugin should update to versions newer than 1.0 once available. In the meantime, administrators should exercise caution when clicking on links while logged into their WordPress dashboard (NVD Database).