Missing Authorization vulnerability in Wp Ultimate Review
CVE-2024-32684

7.5HIGH

Key Information:

Vendor: WordPress
Status: WP Ultimate Review
Vendor: CVE Published:; 22 April 2024

Summary

A missing authorization vulnerability exists in the Wpmet Wp Ultimate Review plugin, which could allow unauthorized users to access certain review functions. This issue primarily affects versions of the plugin from n/a through 2.2.5, potentially compromising the integrity of user reviews and the overall security of WordPress installations. It is crucial for administrators to update to the latest version and implement necessary security measures to safeguard their sites.

Affected Version(s)

Wp Ultimate Review <= 2.2.5

References

https://patchstack.com/database/vulnerability/wp-ultimate...

vdb-entry

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2024
Vulnerability Reserved
Apr 17, 2024

Credit

Kyle Sanchez (Patchstack Alliance)