Etoilewebdesign - Ultimate Reviews CVE - OpenCVE

Filtered by vendor Etoilewebdesign Subscriptions

Filtered by product Ultimate Reviews Subscriptions

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2022-23979	1 Etoilewebdesign	1 Ultimate Reviews	2024-09-17	4.8 Medium
Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versions <= 3.0.15).
CVE-2020-36726	1 Etoilewebdesign	1 Ultimate Reviews	2024-08-04	9.8 Critical
The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin.

Page 1 of 1.