CVE-2020-36726
First published: Wed Jun 07 2023(Updated: )
The Ultimate Reviews plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.1.32 via deserialization of untrusted input in several vulnerable functions. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Etoile Web Design Ultimate Reviews | <=2.1.32 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of the Ultimate Reviews plugin for WordPress vulnerability?
The vulnerability ID is CVE-2020-36726.
What is the severity rating of CVE-2020-36726?
The severity rating of CVE-2020-36726 is 9.8 (critical).
What is the affected software of CVE-2020-36726?
The affected software is the Ultimate Reviews plugin for WordPress version up to and including 2.1.32.
How can an attacker exploit CVE-2020-36726?
An unauthenticated attacker can exploit CVE-2020-36726 by injecting a PHP Object via deserialization of untrusted input.
Are there any patches or fixes available for CVE-2020-36726?
Yes, a fix has been released. It is recommended to update the Ultimate Reviews plugin for WordPress to the latest version to address the vulnerability.
- agent/type
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/etoilewebdesign
- canonical/etoile web design ultimate reviews
- version/etoile web design ultimate reviews/2.1.32