GCVE - cpe:2.3:a:roxnor:wp_ultimate_review:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:roxnor:wp_ultimate_review:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Roxnor (`30f963bc-c503-5cb4-ba58-0f6bd7aae986`)
Product	Wp Ultimate Review (`f127c14a-b4f2-53dc-98fe-b67e66b12204`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-39644`	vulnerable	2026-06-03 15:22:12.829808	WordPress Wp Ultimate Review plugin <= 2.3.8 - Broken Access Control vulnerability MEDIUM (5.3) Missing Authorization vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wp Ultimate Review: from n/a through <= 2.3.8. Published: 2026-04-08T08:30:32.605Z Updated: 2026-04-29T09:52:03.739Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wp-ultimate-review/vulnerability/wordpress-wp-ultimate-review-plugin-2-3-8-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-63057`	vulnerable	2026-06-03 15:09:36.112343	WordPress Wp Ultimate Review plugin <= 2.3.7 - Cross Site Scripting (XSS) vulnerability MEDIUM (6.5) Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows DOM-Based XSS.This issue affects Wp Ultimate Review: from n/a through <= 2.3.7. Published: 2025-12-09T14:52:32.998Z Updated: 2026-04-28T16:14:09.728Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wp-ultimate-review/vulnerability/wordpress-wp-ultimate-review-plugin-2-3-6-cross-site-scripting-xss-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-21746`	vulnerable	2026-06-03 14:54:50.591541	WordPress Wp Ultimate Review plugin <= 2.3.6 - IP limit Bypass vulnerability MEDIUM (5.3) Authentication Bypass by Spoofing vulnerability in Roxnor Wp Ultimate Review wp-ultimate-review allows Identity Spoofing.This issue affects Wp Ultimate Review: from n/a through <= 2.3.6. Published: 2024-05-17T08:46:01.927Z Updated: 2026-04-29T09:51:52.568Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/wp-ultimate-review/vulnerability/wordpress-wp-ultimate-review-plugin-2-2-5-ip-limit-bypass-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.