Vulnerabilities > Etoilewebdesign > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-07 | CVE-2020-36726 | Deserialization of Untrusted Data vulnerability in Etoilewebdesign Ultimate Reviews The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. | 9.8 |
| 2017-08-02 | CVE-2017-12199 | SQL Injection vulnerability in Etoilewebdesign Ultimate Product Catalog 4.2.11 The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item. | 9.8 |