
CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Apr 2024 — Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review. This issue affects Wp Ultimate Review: from n/a through 2.2.5. The WP Ultimate Review plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user con... • https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Apr 2024 — Missing Authorization vulnerability in Wpmet Wp Ultimate Review. This issue affects Wp Ultimate Review: from n/a through 2.2.5. The Wp Ultimate Review plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wur_meta_box_content_save() function in versions up to, and including, 2.2.5. This makes it possible for unauthenticated... • https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-broken-access-control-on-review-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

17 Apr 2024 — Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass. This issue affects Wp Ultimate Review: from n/a through 2.2.5. The WP Ultimate Review plugin for WordPress is vulnerable to bypass review restrictions in all versions up to, and i... • https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-review-score-manipulation-vulnerability?_s_id=cve • CWE-602: Client-Side Enforcement of Server-Side Security • CWE-862: Missing Authorization

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

05 Jan 2024 — Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass. This issue affects Wp Ultimate Review: from n/a through 2.3.2. The WP Ultimate Review plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.3.5 due to insuf... • https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-ip-limit-bypass-vulnerability?_s_id=cve • CWE-290: Authentication Bypass by Spoofing • CWE-348: Use of Less Trusted Source

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions. The Wp Ultimate Review plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing nonce validation on the wur_settings_view() function. This makes it possible for unauthenticated attackers to modify the plugin's setting... • https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.9 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Mar 2023 — Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions. The Wp Ultimate Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injec... • https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions. The Wp Ultimate Review plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.3. This is due to missing nonce validation on several functions like wur_settings_view(). This makes it possible for unauthenticated attackers to perform unauthori... • https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-0-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)