Skip to main content

Wp Ultimate Review

7 CVEs product

Monthly

CVE-2026-39644 MEDIUM This Month

Missing authorization in Roxnor Wp Ultimate Review plugin versions up to 2.3.8 allows unauthenticated remote attackers to access restricted functionality through incorrectly configured access control security levels, resulting in limited information disclosure. The vulnerability carries a low EPSS exploitation probability (0.02%, 4th percentile) and has not been confirmed as actively exploited, though the simple attack vector (network-accessible, no complexity, no authentication required) means opportunistic exploitation is feasible.

Authentication Bypass Wp Ultimate Review
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2024-32685 MEDIUM This Month

Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.2.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Ultimate Review
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-32684 MEDIUM This Month

Missing Authorization vulnerability in Wpmet Wp Ultimate Review.2.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Ultimate Review
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-32683 MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review.2.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Ultimate Review
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2023-28987 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Ultimate Review
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2023-46085 HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Ultimate Review
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2023-28751 MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Ultimate Review
NVD
CVSS 3.1
4.8
EPSS
0.4%
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing authorization in Roxnor Wp Ultimate Review plugin versions up to 2.3.8 allows unauthenticated remote attackers to access restricted functionality through incorrectly configured access control security levels, resulting in limited information disclosure. The vulnerability carries a low EPSS exploitation probability (0.02%, 4th percentile) and has not been confirmed as actively exploited, though the simple attack vector (network-accessible, no complexity, no authentication required) means opportunistic exploitation is feasible.

Authentication Bypass Wp Ultimate Review
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Client-Side Enforcement of Server-Side Security vulnerability in Wpmet Wp Ultimate Review allows Functionality Bypass.2.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Ultimate Review
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing Authorization vulnerability in Wpmet Wp Ultimate Review.2.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Ultimate Review
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review.2.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Wp Ultimate Review
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.0.3 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Ultimate Review
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wp Ultimate Review
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Auth. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wp Ultimate Review
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy