CVE-2022-1772 The Google Places Reviews plugin before 2.0.0 did not properly escape its API key, which is reflected on the site's administration panel.

In the latest 2.0.0 version of the plugin, the Google Places Reviews code has been refactored to fix this issue. If you are using this version, it is safe to proceed with the installation. As a precaution, we recommend that you review the plugin settings and make sure that the key is properly secured. In case you are using the older version of the plugin, we recommend deactivating the plugin until you are 100% certain that you have upgraded.

Installation Instructions: Securing Google Places Reviews Plugin

For instructions on how to secure the Google Places Reviews plugin, please follow these steps:
1. Delete any old versions of the plugin from your WordPress installation.
2. Download and activate the new version of the plugin in your WordPress installation.
3. Log into your WordPress admin panel, navigate to Settings -> Google Places Reviews -> Ordering and select "Myself only".
4. After you have checked, hit Save Changes at the bottom of the page.
5. Backup your database before updating to make sure nothing gets lost on accident!
6. You're all set! Be sure to test out the new features of this version and let us know what you think!

Steps to troubleshoot Google Places Reviews API Key API Key Issue

If you are using the older version of the plugin and have not upgraded to 2.0.0, you may be seeing this error when trying to use the Google Places Reviews:
"Can't get required key for Google Places Reviews."
This means that your API key is not properly secured and not in compliance with the new requirements. To get your key up-to-date, please follow these steps:
1. Navigate to your WordPress dashboard and select "Plugins."
2. In the list of plugins, locate "Google Places Reviews."
3. Go to "Settings" and find the checkbox titled "Enable Google Places Reviews Plugin." Check it off if it is not already checked.
4. Click "Save Changes."

What is a Google Places Reviews Vulnerability?

A Google Places Reviews vulnerability is a security issue in which users are able to remove reviews from their own business listing on Google Places, thus removing any negative information that may have been posted to the listing. This vulnerability was discovered and reported on by Chris Vickery of MacKeeper, who in turn reported it to the plugin's developer, HikaShop.

Disabling the Google Places Reviews plugin

Ensure that you have the latest version of the plugin. If you are using a previous version, we recommend disabling it until you upgrade.
To disable the plugin:
- Click on Settings in the WordPress dashboard, then click on Google Places Reviews.
- Uncheck "Enabled" to deactivate the plugin.

How to check if your site is vulnerable

Check for the plugin's update status. It is advisable to not use an old version of the plugin if you are using a secure key.

Timeline

Published on: 06/13/2022 13:15:00 UTC
Last modified on: 06/21/2022 17:39:00 UTC

References