
CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass. This issue affects Wp Ultimate Review: from n/a through 2.2.5.

The WP Ultimate Review plugin for WordPress is vulnerable to bypassing review restrictions in all versions up to, and including, 2.2.5. This is due to the plugin not properly enforcing review restrictions.

• https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-review-score-manipulation-vulnerability?_s_id=cve
• CWE-602: Client-Side Enforcement of Server-Side Security
• CWE-862: Missing Authorization

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Missing Authorization vulnerability in Wpmet Wp Ultimate Review. This issue affects Wp Ultimate Review: from n/a through 2.2.5.

The Wp Ultimate Review plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wur_meta_box_content_save() function in versions up to, and including, 2.2.5. This makes it possible for unauthenticated attackers to leave reviews on password-protected posts.

• https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-broken-access-control-on-review-vulnerability?_s_id=cve
• CWE-862: Missing Authorization

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review. This issue affects Wp Ultimate Review: from n/a through 2.2.5.

The WP Ultimate Review plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user-controlled key. This makes it possible for unauthenticated attackers to perform an unauthorized action.

• https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-insecure-direct-object-references-idor-vulnerability?_s_id=cve
• CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass. This issue affects Wp Ultimate Review: from n/a through 2.3.2.

The WP Ultimate Review plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.3.4 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass IP rate limiting.

• https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-ip-limit-bypass-vulnerability?_s_id=cve
• CWE-290: Authentication Bypass by Spoofing
• CWE-348: Use of Less Trusted Source

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions.

The Wp Ultimate Review plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing nonce validation on the wur_settings_view() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

• https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
• CWE-352: Cross-Site Request Forgery (CSRF)