CVE-2024-32684

CVE-2024-32684 is a Missing Authorization vulnerability in the WordPress plugin “WP Ultimate Review.” The vulnerability affects WP Ultimate Review versions 2.2.5 and earlier (per the CVE entry: “from n/a through 2.2.5”). Public records in the initial document indicate a high-severity impact with ...

CVE-2024-32683

CVE-2024-32683 targets the WP Ultimate Review WordPress plugin. Connected sources describe an unauthenticated bypass via a user-controlled key/ID, enabling direct object reference and potentially bypassing review restrictions in versions up to 2.2.5. Public advisories (RH) label it as an Authoriz...

CVE-2024-32685

CVE-2024-32685 targets the WP Ultimate Review WordPress plugin (

CVE-2024-21746

CVE-2024-21746 affects WP Ultimate Review plugin for WordPress, exposing an unauthenticated IP spoofing-based bypass that can bypass authentication and enable a functionality bypass. Public sources list vulnerable versions as <= 2.3.5 (and initial description cites

CVE-2023-46085

CVE-2023-46085 affects the WordPress plugin WP Ultimate Review (Wpmet) . The vulnerability is a Cross-Site Request Forgery (CSRF) in the plugin versions ≤ 2.2.4. Public records in the connected documents cite an actionable CSRF issue associated with this CVE, with remediation guidance indicating ...

CVE-2023-28751

CVE-2023-28751 affects WP Ultimate Review (Wpmet) plugin

CVE-2023-28987

CVE-2023-28987 is a CSRF vulnerability in the WordPress plugin Wp Ultimate Review (Wpmet Wp Ultimate Review) affecting versions <= 2.0.3. The issue allows an attacker to perform unintended actions on behalf of an authenticated or unauthenticated user, depending on context, due to CSRF flaws de...