ThreatPress

WordPress Vulnerability Database

WordPress Ultimate Reviews plugin <= 2.1.32 - Insecure Deserialization vulnerability leading to unauthenticated PHP object injection

Product
Ultimate Reviews
Description
An insecure deserialization vulnerability leading to unauthenticated PHP object injection was found by Jerome Bruandet (NinTechNet) in the WordPress Ultimate Reviews plugin (versions <= 2.1.32).
Solution
Update the WordPress Ultimate Reviews plugin to the latest available version (at least 2.1.33).
Classification
Type: PHP Object Injection
OWASP Top 10: A1: Injection
CVE
Name: CVE-N/A
Versions
Affected In: <= 2.1.32
Fixed In: 2.1.33
Disclosure date
2020-11-10
Credits
Jerome Bruandet