cleantalk
Vulnerabilities and Security Researches

Ultimate Reviews, 75ad8726-09a5-49b7-9534-61371a543764

CVE, Research URL

75ad8726-09a5-49b7-9534-61371a543764

Home page URL

Security reports for Ultimate Reviews

Application

Ultimate Reviews

Published on
-
Research Description
Ultimate Reviews [ultimate-reviews] < 2.1.33 Ultimate Reviews &lt; 2.1.33 - Unauthenticated PHP Object Injection There were three occurrences in the plugin where an unauthenticated user could inject a serialized PHP object via a cookie, which could potentially lead to a PHP object injection vulnerability.
Affected versions
max 2.1.33.
Status
vulnerable
Previous vulnerability researches
WP Ultimate Reviews FREE (CVE-2025-23739) , Mar 05, 2025
Ultimate Reviews (6f21ed04a9f12ae477da929e077a2ecc2ffeb911) , Jun 16, 2026
Ultimate Reviews (CVE-2025-49266) , Jun 15, 2025
Ultimate Reviews (CVE-2022-23979) , Jun 07, 2024
Ultimate Reviews (CVE-2024-25597) , Jun 07, 2024
New vulnerability
Coinbase Commerce &#8211; Crypto Gateway for WooCommerce (61af4ef8ee19e1224b67b8678be91e6a8c7d877b) , Jun 16, 2026
Coinbase Commerce &#8211; Crypto Gateway for WooCommerce (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (fc2d7281-abec-475b-8e8d-8dbc47de78da) , Jun 16, 2026
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (4336a858-e642-431f-9d69-9b8b5f6e5e36) , Jun 16, 2026
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (fbb699ffd6cd26aa92e9fbcfae6975f1a571a917) , Jun 16, 2026