CVE-2025-54730 MEDIUM

CVE-2025-54730: WordPress Embedder for Google Reviews Plugin <= 1.7.3 - Broken Access Control Vulnerability

Vendor: Pareto Digital
Product: Embedder for Google Reviews
Weakness: CWE-862 · Missing authorization
Published: August 14, 2025
Last update: May 12, 2026

CVSS base score

5.3/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01 Description

Missing Authorization vulnerability in PARETO Digital Embedder for Google Reviews embedder-for-google-reviews allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Embedder for Google Reviews: from n/a through <= 1.7.3.

Explanation of Vulnerability in Simple Terms

02 Summary

The Embedder for Google Reviews plugin through version 1.7.3 lacks proper authorization checks, allowing unauthenticated attackers to modify data on the site. An attacker can send a network request to alter settings or content without needing to log in or interact with a user. This affects all installations of the plugin up to and including version 1.7.3.

What an attacker can do

03 Attacker Capabilities

Modify plugin settings or data without logging in.

Potential impact on your site

04 Site Impact

Attackers can alter Google Reviews embed settings or related data without your permission or knowledge.

Conditions required to exploit

05 Prerequisites

Network access to the site; no authentication or user interaction required.

Key dates

06 Disclosure timeline

August 14, 2025: CVE published
May 12, 2026: Record updated