CVE-2024-32685 – WordPress WP Ultimate Review plugin <= 2.2.5 - Review Score Manipulation vulnerability
https://notcve.org/view.php?id=CVE-2024-32685
Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass. This issue affects Wp Ultimate Review: from n/a through 2.2.5. The WP Ultimate Review plugin for WordPress is vulnerable to a bypass of review restrictions in all versions up to, and including, 2.2.5. This is due to the plugin not properly enforcing review restrictions.
• https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-review-score-manipulation-vulnerability?_s_id=cve
• CWE-602: Client-Side Enforcement of Server-Side Security
• CWE-862: Missing Authorization
CVE-2024-32684 – WordPress WP Ultimate Review plugin <= 2.2.5 - Broken Access Control on Review vulnerability
https://notcve.org/view.php?id=CVE-2024-32684
Missing Authorization vulnerability in Wpmet Wp Ultimate Review. This issue affects Wp Ultimate Review: from n/a through 2.2.5. The Wp Ultimate Review plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wur_meta_box_content_save() function in versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to leave reviews on password-protected posts.
• https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-broken-access-control-on-review-vulnerability?_s_id=cve
• CWE-862: Missing Authorization
CVE-2024-32683 – WordPress WP Ultimate Review plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability
https://notcve.org/view.php?id=CVE-2024-32683
Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review. This issue affects Wp Ultimate Review: from n/a through 2.2.5. The WP Ultimate Review plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user-controlled key. This makes it possible for unauthenticated attackers to perform an unauthorized action.
• https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-insecure-direct-object-references-idor-vulnerability?_s_id=cve
• CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2024-21746 – WordPress Wp Ultimate Review plugin <= 2.3.2 - IP limit Bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-21746
Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass. This issue affects Wp Ultimate Review: from n/a through 2.3.2. The WP Ultimate Review plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.3.4 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass IP rate limiting.
• https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-ip-limit-bypass-vulnerability?_s_id=cve
• CWE-290: Authentication Bypass by Spoofing
• CWE-348: Use of Less Trusted Source