CVE-2026-57318
Deferred Deferred - Pending Action

Subscriber Sensitive Data Exposure in Site Reviews

Vulnerability report for CVE-2026-57318, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: Patchstack

Description

Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-06-26
Generated
2026-07-16
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
wp_media site_reviews_plugin to 8.0.11 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-201 The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The WordPress Site Reviews Plugin, versions 8.0.11 and earlier, contains a vulnerability classified as CVE-2026-57318 that exposes sensitive subscriber data. This means that malicious actors can access confidential information that should normally be restricted to regular users.

Detection Guidance

The vulnerability in the WordPress Site Reviews Plugin (versions 8.0.11 and earlier) involves sensitive data exposure. Detection typically involves monitoring for unusual access patterns or attempts to retrieve confidential information that should be restricted.

While no specific detection commands are provided, general approaches include:

  • Review web server logs for suspicious requests targeting the Site Reviews plugin endpoints.
  • Use network monitoring tools to detect unusual outbound data flows that may indicate data exfiltration.
  • Apply Patchstack's mitigation rules to block known attack patterns until the plugin is updated.

For precise detection commands or signatures, consulting Patchstack's mitigation resources or your hosting provider is recommended.

Impact Analysis

This vulnerability can lead to unauthorized access to sensitive subscriber data, potentially compromising user privacy and security. Because the vulnerability has a moderate severity score (6.5), it poses a risk of exploitation in widespread attacks targeting many websites using the affected plugin versions.

  • Exposure of confidential subscriber information
  • Potential privacy breaches for users
  • Increased risk of targeted attacks on websites using the vulnerable plugin
Compliance Impact

The vulnerability in the WordPress Site Reviews Plugin versions 8.0.11 and earlier involves sensitive data exposure, allowing unauthorized access to confidential subscriber information.

Such exposure of sensitive data can lead to non-compliance with data protection regulations and standards like GDPR and HIPAA, which require strict controls to protect personal and sensitive information from unauthorized access.

Therefore, organizations using affected versions of this plugin may face increased risk of violating these regulations if the vulnerability is exploited.

Mitigation Strategies

To mitigate the vulnerability CVE-2026-57318 in the WordPress Site Reviews Plugin versions 8.0.11 and earlier, immediate action is recommended.

  • Update the plugin to version 8.0.12 or later.
  • If updating is not feasible, seek assistance from your hosting provider or web developer.
  • Use the mitigation rule provided by Patchstack to block attacks until the plugin is updated.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57318. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart