Ultimate Reviews CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor Etoilewebdesign Subscriptions

Filtered by product Ultimate Reviews Subscriptions

Search

Switch to Advanced Search (Beta)

Total 3 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-23979	1 Etoilewebdesign	1 Ultimate Reviews	2025-02-20	4.8 Medium
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions <= 3.0.15).
CVE-2024-25597	1 Etoilewebdesign	1 Ultimate Reviews	2025-01-23	7.1 High
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS.This issue affects Ultimate Reviews: from n/a through 3.2.8.
CVE-2020-36726	1 Etoilewebdesign	1 Ultimate Reviews	2024-12-28	9.8 Critical
The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin.

Page 1 of 1.