Wp Ultimate Review

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-39644 MEDIUM This Month

Missing authorization in Roxnor Wp Ultimate Review plugin versions up to 2.3.8 allows unauthenticated remote attackers to access restricted functionality through incorrectly configured access control security levels, resulting in limited information disclosure. The vulnerability carries a low EPSS exploitation probability (0.02%, 4th percentile) and has not been confirmed as actively exploited, though the simple attack vector (network-accessible, no complexity, no authentication required) means opportunistic exploitation is feasible.

Authentication Bypass Wp Ultimate Review
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-39644
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing authorization in Roxnor Wp Ultimate Review plugin versions up to 2.3.8 allows unauthenticated remote attackers to access restricted functionality through incorrectly configured access control security levels, resulting in limited information disclosure. The vulnerability carries a low EPSS exploitation probability (0.02%, 4th percentile) and has not been confirmed as actively exploited, though the simple attack vector (network-accessible, no complexity, no authentication required) means opportunistic exploitation is feasible.

Authentication Bypass Wp Ultimate Review
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy