3 matches found
CVE-2024-25597
CVE-2024-25597 affects WordPress plugin Ultimate Reviews (Etoile Web Design) up to version 3.2.8. The issue is unauthorized, stored XSS triggered via the reviews feature due to improper input handling during page generation. The vulnerability is addressed in version 3.2.9 (patched). No exploitati...
CVE-2022-23979
CVE-2022-23979 affects WordPress plugin Ultimate Reviews (versions ≤ 3.0.15). Affected component: the plugin’s handling of client-side data, leading to an authenticated Stored XSS when operated by admin+ users. Root cause: lack of proper validation/sanitisation of input by the web application (pe...
CVE-2020-36726
The CVE concerns WordPress plugin “The Ultimate Reviews” (WordPress) with a PHP Object Injection vulnerability in versions up to and including 2.1.32, caused by deserialization of untrusted input in several vulnerable functions. The issue allows unauthenticated attackers to inject a PHP object; n...