GCVE - cpe:2.3:a:rustaurius:ultimate_reviews:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:rustaurius:ultimate_reviews:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Rustaurius (`5e3e0378-d0c0-51d4-b75b-45b9e4f00a60`)
Product	Ultimate Reviews (`9688f6ae-772e-5f40-b38a-877bea1d4bb0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-24634`	vulnerable	2026-06-08 07:51:17.924136	WordPress Ultimate Reviews plugin <= 3.2.16 - Insecure Direct Object References (IDOR) vulnerability MEDIUM (5.3) Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Reviews: from n/a through <= 3.2.16. Published: 2026-01-23T14:29:08.973Z Updated: 2026-04-28T16:14:50.936Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/ultimate-reviews/vulnerability/wordpress-ultimate-reviews-plugin-3-2-16-insecure-direct-object-references-idor-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-49266`	vulnerable	2026-06-08 07:29:12.832298	WordPress Ultimate Reviews plugin <= 3.2.14 - Reflected Cross Site Scripting (XSS) vulnerability HIGH (7.1) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Reflected XSS.This issue affects Ultimate Reviews: from n/a through <= 3.2.14. Published: 2025-06-17T15:01:24.743Z Updated: 2026-04-28T16:12:59.786Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/ultimate-reviews/vulnerability/wordpress-ultimate-reviews-plugin-3-2-14-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-36726`	vulnerable	2026-06-08 05:25:49.485227	Ultimate Reviews < 2.1.33 - PHP Object Injection CRITICAL (9.8) The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. Published: 2023-06-07T01:51:46.527Z Updated: 2026-04-08T17:27:32.795Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/db30acd7-ce51-45d9-8ff0-6ceea8237a8c?source=cve https://blog.nintechnet.com/wordpress-ultimate-reviews-plugin-fixed-insecure-deserialization-vulnerability/ https://plugins.trac.wordpress.org/changeset/2409141	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.