CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32683 – WordPress WP Ultimate Review plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability
https://notcve.org/view.php?id=CVE-2024-32683
17 Apr 2024 — Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en Wpmet Wp Ultimate Review. Este problema afecta a Wp Ultimate Review: desde n/a hasta 2.2.5. The WP Ultimate Review plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user con... • https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32684 – WordPress WP Ultimate Review plugin <= 2.2.5 - Broken Access Control on Review vulnerability
https://notcve.org/view.php?id=CVE-2024-32684
17 Apr 2024 — Missing Authorization vulnerability in Wpmet Wp Ultimate Review.This issue affects Wp Ultimate Review: from n/a through 2.2.5. Vulnerabilidad de autorización faltante en Wpmet Wp Ultimate Review. Este problema afecta a Wp Ultimate Review: desde n/a hasta 2.2.5. The Wp Ultimate Review plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the wur_meta_box_content_save() function in versions up to, and including, 2.2.5. This makes it possible for unauthenticated... • https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-broken-access-control-on-review-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32685 – WordPress WP Ultimate Review plugin <= 2.2.5 - Review Score Manipulation vulnerability
https://notcve.org/view.php?id=CVE-2024-32685
17 Apr 2024 — Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.This issue affects Wp Ultimate Review: from n/a through 2.2.5. La vulnerabilidad de aplicación del lado del cliente de seguridad del lado del servidor en Wpmet Wp Ultimate Review permite omitir la funcionalidad. Este problema afecta a Wp Ultimate Review: desde n/a hasta 2.2.5. The WP Ultimate Review plugin for WordPress is vulnerable to bypass review restrictions in all versions up to, and i... • https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-review-score-manipulation-vulnerability?_s_id=cve • CWE-602: Client-Side Enforcement of Server-Side Security CWE-862: Missing Authorization •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-21746 – WordPress Wp Ultimate Review plugin <= 2.3.2 - IP limit Bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-21746
05 Jan 2024 — Authentication Bypass by Spoofing vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.This issue affects Wp Ultimate Review: from n/a through 2.3.2. La vulnerabilidad de omisión de autenticación mediante suplantación de identidad en Wpmet Wp Ultimate Review permite omitir la funcionalidad. Este problema afecta a Wp Ultimate Review: desde n/a hasta 2.3.2. The WP Ultimate Review plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 2.3.5 due to insuf... • https://patchstack.com/database/vulnerability/wp-ultimate-review/wordpress-wp-ultimate-review-plugin-2-2-5-ip-limit-bypass-vulnerability?_s_id=cve • CWE-290: Authentication Bypass by Spoofing CWE-348: Use of Less Trusted Source •