cleantalk
Vulnerabilities and Security Researches

Ultimate Reviews, CVE-2020-36726

CVE, Research URL

CVE-2020-36726

Home page URL

Security reports for Ultimate Reviews

Application

Ultimate Reviews

Published on
Jun 07, 2023
Research Description
The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin.
Affected versions
max 2.1.33.
Status
vulnerable
Previous vulnerability researches
WP Ultimate Reviews FREE (CVE-2025-23739) , Mar 05, 2025
Ultimate Reviews (6f21ed04a9f12ae477da929e077a2ecc2ffeb911) , Jun 16, 2026
Ultimate Reviews (CVE-2025-49266) , Jun 15, 2025
Ultimate Reviews (CVE-2022-23979) , Jun 07, 2024
Ultimate Reviews (CVE-2024-25597) , Jun 07, 2024
New vulnerability
Custom Order Status for WooCommerce (8e67b1e8-1172-4634-9dac-93f54297931a) , Jun 16, 2026
WPshop 2 – E-Commerce (405aa69006f803e554963210e83e3bd549a1ebe1) , Jun 16, 2026
WPshop 2 – E-Commerce (85bb2718-2228-4405-8b50-76995dbf6862) , Jun 16, 2026
WPshop 2 – E-Commerce (0f9c01caef7f6babf3ec24ce1fd97b741071e5b9) , Jun 16, 2026
WPshop 2 – E-Commerce (6d9637e162c1f4d521a590681b37fa2918babece) , Jun 16, 2026