cleantalk
Vulnerabilities and Security Researches

Ultimate Reviews, df3690bd6a84bf7178e96f950b167e2809ab265f

CVE, Research URL

df3690bd6a84bf7178e96f950b167e2809ab265f

Home page URL

Security reports for Ultimate Reviews

Application

Ultimate Reviews

Published on
Nov 10, 2020
Research Description
Ultimate Reviews [ultimate-reviews] < 2.1.33 Ultimate Reviews < 2.1.33 - PHP Object Injection The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin.
Affected versions
max 2.1.33.
Status
vulnerable
Previous vulnerability researches
WP Ultimate Reviews FREE (CVE-2025-23739) , Mar 05, 2025
Ultimate Reviews (6f21ed04a9f12ae477da929e077a2ecc2ffeb911) , Jun 16, 2026
Ultimate Reviews (CVE-2025-49266) , Jun 15, 2025
Ultimate Reviews (CVE-2022-23979) , Jun 07, 2024
Ultimate Reviews (CVE-2024-25597) , Jun 07, 2024
New vulnerability
Coinbase Commerce &#8211; Crypto Gateway for WooCommerce (61af4ef8ee19e1224b67b8678be91e6a8c7d877b) , Jun 16, 2026
Coinbase Commerce &#8211; Crypto Gateway for WooCommerce (6d8910c719b2a132ec93828cd37e418b19cac960) , Jun 16, 2026
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (fc2d7281-abec-475b-8e8d-8dbc47de78da) , Jun 16, 2026
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (4336a858-e642-431f-9d69-9b8b5f6e5e36) , Jun 16, 2026
WP SMS &#8211; Messaging &amp; SMS Notification for WordPress, WooCommerce, GravityForms, etc (fbb699ffd6cd26aa92e9fbcfae6975f1a571a917) , Jun 16, 2026