Ultimate Reviews

ultimate_reviews

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-25597 1Etoilewebdesign 1Ultimate Reviews Apr 28, 2026 Mar 15, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS.This issue affects Ultimate Reviews: from n/a through 3.2.8.
CVE-2020-36726 1Etoilewebdesign 1Ultimate Reviews Apr 8, 2026 Jun 7, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated...Show more The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin.Show less
CVE-2022-23979 1Etoilewebdesign 1Ultimate Reviews Feb 20, 2025 Jan 28, 2022 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions <= 3.0.15).