CVE-2026-24634

Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Reviews: from n/a through = 3.2.16...

CVE-2026-24634

Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Reviews: from n/a through = 3.2.16...

CVE-2026-24634 WordPress Ultimate Reviews plugin <= 3.2.16 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Reviews: from n/a through = 3.2.16...

EUVD-2024-22925

Malicious code in bioql PyPI...

EUVD-2022-28894

Malicious code in bioql PyPI...

CVE-2025-49266

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Reflected XSS.This issue affects Ultimate Reviews: from n/a through = 3.2.14...

WordPress plugin Ultimate Reviews 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

WordPress Ultimate Reviews plugin <= 3.2.14 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Ryan Novotny in WordPress Plugin Ultimate Reviews versions = 3.2.14...

CVE-2024-25597

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS.This issue affects Ultimate Reviews: from n/a through 3.2.8...

CVE-2024-25597

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS.This issue affects Ultimate Reviews: from n/a through 3.2.8...

CVE-2024-25597 WordPress Ultimate Reviews plugin <= 3.2.8 - Unauthenticated Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS.This issue affects Ultimate Reviews: from n/a through 3.2.8...

CVE-2024-25597

CVE-2024-25597 affects WordPress plugin Ultimate Reviews (Etoile Web Design) up to version 3.2.8. The issue is unauthorized, stored XSS triggered via the reviews feature due to improper input handling during page generation. The vulnerability is addressed in version 3.2.9 (patched). No exploitati...

CVE-2020-36726 Ultimate Reviews < 2.1.33 - PHP Object Injection

The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable...

WordPress Ultimate Reviews plugin cross-site scripting vulnerability

WordPress plugin is a WordPress application plugin. WordPress Ultimate Reviews plugin 3.0.15 and earlier versions contain a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data by the WEB application. An attacker could exploit this vulnerability to...

CVE-2022-23979

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability discovered in Ultimate Reviews WordPress plugin versions = 3.0.15...

CVE-2022-23979

CVE-2022-23979 affects WordPress plugin Ultimate Reviews (versions ≤ 3.0.15). Affected component: the plugin’s handling of client-side data, leading to an authenticated Stored XSS when operated by admin+ users. Root cause: lack of proper validation/sanitisation of input by the web application (pe...

CVE-2022-23979 WordPress Ultimate Reviews plugin <= 3.0.15 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated admin+ Stored Cross-Site Scripting XSS vulnerability discovered in Ultimate Reviews WordPress plugin versions = 3.0.15...

WordPress Ultimate Reviews plugin <= 3.0.15 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated Stored Cross-Site Scripting XSS vulnerability discovered by Ngo Van Thien Patchstack Red Team project in WordPress Ultimate Reviews plugin versions = 3.0.15. Solution Update the WordPress Ultimate Reviews plugin to the latest available version at least 3.0.16...

WordPress Ultimate Reviews plugin <= 2.1.32 - Insecure Deserialization vulnerability leading to unauthenticated PHP object injection

Insecure Deserialization vulnerability leading to unauthenticated PHP object injection found by Jerome Bruandet NinTechNet in WordPress Ultimate Reviews plugin versions = 2.1.32. Solution Update the WordPress Ultimate Reviews plugin to the latest available version at least 2.1.33...

Ultimate Reviews < 2.1.33 - Unauthenticated PHP Object Injection

There were three occurrences in the plugin where an unauthenticated user could inject a serialized PHP object via a cookie, which could potentially lead to a PHP object injection vulnerability...