What the vulnerability does
01 Description
Missing Authorization vulnerability in Starfish Reviews Starfish Review Generation & Marketing (starfish-reviews) allows Privilege Escalation. This issue affects Starfish Review Generation & Marketing: from n/a through <= 3.1.19.
Explanation of Vulnerability in Simple Terms
02 Summary
Starfish Review Generation & Marketing versions 3.1.19 and earlier lack proper authorization checks, allowing authenticated users with low privileges to read, modify, or delete data they should not be able to access. An attacker with a basic user account can perform administrative actions without restriction. This affects the confidentiality, integrity, and availability of all data on the affected installation.
What an attacker can do
03 Attacker Capabilities
Read, modify, or delete any data in the application without proper authorization checks.
Potential impact on your site
04 Site Impact
Any authenticated user can access and alter sensitive data, including reviews, settings, and user information.
Conditions required to exploit
05 Prerequisites
Attacker needs a low-privilege user account; no special interaction required.
Key dates
06 Disclosure timeline
April 17, 2025: CVE published
April 28, 2026: Record updated