CVE-2020-36726 - Deserialization of Untrusted Data vulnerability in Etoilewebdesign Ultimate Reviews

047910
CVSS 9.8 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH
network, low complexity, etoilewebdesign, CWE-502, critical

Summary

The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin.

Vulnerable Configurations

Part | Description | Count
Application | Etoilewebdesign | 140

Common Weakness Enumeration (CWE)